connections {

   gw-gw {
      local_addrs  = PH_IP_MOON
      remote_addrs = PH_IP_SUN

      local {
         auth = pubkey
         certs = moonCert.pem
         id = moon.strongswan.org
      }
      remote {
         auth = pubkey
         id = sun.strongswan.org
      }
      children {
         gre {
            local_ts  = dynamic[gre]
            remote_ts = dynamic[gre]
            mode = transport

            updown = /usr/local/libexec/ipsec/_updown iptables
            esp_proposals = aes128gcm128-x25519
         }
      }
      version = 2
      proposals = aes128-sha256-x25519
   }
}