# /etc/ipsec.conf - strongSwan IPsec configuration file config setup conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 keyexchange=ikev2 dpdaction=restart dpddelay=60s leftfirewall=yes lefthostaccess=yes conn hub leftcert=bobCert.pem leftid=bob@strongswan.org leftsubnet=10.2.0.0/16 right=PH_IP_CAROL rightid=carol@strongswan.org rightsubnet=PH_IP_CAROL/32,10.1.0.0/16 compress=yes auto=add