# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	crlcheckinterval=180
	strictcrlpolicy=yes
	plutostart=no

ca strongswan
	cacert=strongswanCert.pem
	ocspuri=http://ocsp.strongswan.org:8880
	auto=add

ca research
	cacert=researchCert.pem
	ocspuri=http://ocsp.strongswan.org:8881
	auto=add

ca sales
	cacert=salesCert.pem
	ocspuri=http://ocsp.strongswan.org:8882
	auto=add

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	left=192.168.0.1
	leftcert=moonCert.pem
	leftid=@moon.strongswan.org

conn alice
	leftsubnet=10.1.0.10/32
	right=%any
	rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
	auto=add
	
conn venus
	leftsubnet=10.1.0.20/32
	right=%any
	rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
	auto=add