# /etc/ipsec.conf - strongSwan IPsec configuration file config setup crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no ca strongswan cacert=strongswanCert.pem crluri="ldap://ldap1.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList" auto=add conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=2 keyexchange=ikev2 conn rw left=PH_IP_MOON leftnexthop=%direct leftcert=moonCert.pem leftid=@moon.strongswan.org leftfirewall=yes leftsubnet=10.1.0.0/16 right=%any auto=add