# /etc/ipsec.conf - strongSwan IPsec configuration file config setup charondebug="knl 2" conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 keyexchange=ikev2 conn alice rightid=alice@strongswan.org mark=10/0xffffffff also=sun auto=add conn venus rightid=@venus.strongswan.org mark=20 #0xffffffff is used by default also=sun auto=add conn sun left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org leftsubnet=10.2.0.0/16 leftupdown=/etc/mark_updown right=%any rightsubnet=0.0.0.0/0