# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	plutodebug=control
	crlcheckinterval=180
	strictcrlpolicy=no
	charonstart=no

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1

conn net-net
	also=host-host
	also=moon-net
	also=sun-net
        
conn host-host
	also=moon
	also=sun
	auto=add

conn rw
	right=%any
	also=moon
	also=moon-net
	auto=add

conn moon
	left=PH_IP_MOON
        leftnexthop=%direct
        leftcert=moonCert.pem
        leftid=@moon.strongswan.org
        leftfirewall=yes
	also=host-host

conn moon-net
	leftsubnet=10.1.0.0/16

conn sun
	right=PH_IP_SUN
	rightid=@sun.strongswan.org

conn sun-net
	rightsubnet=10.2.0.0/16