# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound dnscert random nonce x509 curl kernel-netlink socket-default stroke updown

  plugins {
    dnscert {
      enable = yes
    }
  }
}

libstrongswan {
  plugins {
    unbound {
      # trust_anchors = /etc/ipsec.d/dnssec.keys
      # resolv_conf = /etc/resolv.conf
    }
  }
}