# /etc/ipsec.conf - strongSwan IPsec configuration file config setup crlcheckinterval=180 strictcrlpolicy=yes plutostart=no ca strongswan-ca cacert=strongswanCert.pem ocspuri=http://ocsp.strongswan.org:8880 auto=add conn %default keyexchange=ikev2 ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 conn rw left=PH_IP_MOON leftnexthop=%direct leftcert=moonCert.pem leftid=@moon.strongswan.org leftsubnet=10.1.0.0/16 right=%any auto=add