# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default stroke updown

  plugins {
    dnscert {
      enable = yes
    }
    unbound {
      # trust_anchors = /etc/ipsec.d/dnssec.keys
      # resolv_conf = /etc/resolv.conf
    }
  }
}