# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	strictcrlpolicy=no
	crlcheckinterval=180
	charonstart=no
	plutodebug=control

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev1
	mobike=no

conn net-net
	also=host-host
	leftsubnet=10.2.0.0/16
	rightsubnet=10.1.0.0/16

conn host-host
	left=fec0::2
	leftcert=sunCert.pem
	leftid=@sun.strongswan.org
	right=fec0::1
	rightid=@moon.strongswan.org
	auto=add