# /etc/ipsec.conf - strongSwan IPsec configuration file

version	2.0	# conforms to second version of ipsec.conf specification

config setup
	plutodebug=control
	crlcheckinterval=180
	strictcrlpolicy=no

ca strongswan
	cacert=strongswanCert.pem
	crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
	auto=add

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	left=PH_IP_DAVE
	leftnexthop=%direct
	leftcert=daveCert.pem
	right=PH_IP_MOON
	rightid=@moon.strongswan.org

conn alice
	rightsubnet=PH_IP_ALICE/32
	auto=add
	
conn venus
	rightsubnet=PH_IP_VENUS/32
	auto=add