# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	charondebug="cfg 2, knl 2"

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
        keyingtries=1
	keyexchange=ikev2
	ike=aes128-sha1-modp1536!
	esp=aes128-sha1-esn!
	mobike=no

conn net-net 
	left=PH_IP_SUN
	leftcert=sunCert.pem
	leftid=@sun.strongswan.org
	leftsubnet=10.2.0.0/16
	leftfirewall=yes
	right=PH_IP_MOON
	rightid=@moon.strongswan.org
	rightsubnet=10.1.0.0/16
	auto=add