# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	crlcheckinterval=180
	strictcrlpolicy=yes
	plutostart=no

ca strongswan
        cacert=strongswanCert.pem
        crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
        auto=add

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	left=192.168.0.100
	leftcert=carolCert.pem
	right=192.168.0.1
	rightid=@moon.strongswan.org
	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

conn alice
	rightsubnet=10.1.0.10/32
	auto=add
	
conn venus
	rightsubnet=10.1.0.20/32
	auto=add