connections {

   host-host {
      local_addrs  = 192.168.0.1
      remote_addrs = 192.168.0.2

      local {
         auth = pubkey
         certs = moonCert.pem
         id = moon.strongswan.org
      }
      remote {
         auth = pubkey
         id = sun.strongswan.org
      }
      children {
         host-host {
            updown = /usr/local/libexec/ipsec/_updown iptables
            rekey_time = 5400
            rekey_bytes = 500000000
            rekey_packets = 1000000
            ah_proposals = sha256
            mode = transport

         }
      }
      version = 1
      reauth_time = 10800
      proposals = aes128-sha256-modp3072
   }
}