# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	crlcheckinterval=180
	strictcrlpolicy=yes
	cachecrls=yes
	plutostart=no

ca strongswan
	cacert=strongswanCert.pem
	crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
	auto=add

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=2
	keyexchange=ikev2

conn rw
	left=PH_IP_MOON
	leftcert=moonCert.pem
	leftid=@moon.strongswan.org
	leftfirewall=yes
	leftsubnet=10.1.0.0/16
	right=%any
	auto=add