# /etc/strongswan.conf - strongSwan configuration file swanctl { load = pem pkcs1 x509 revocation constraints pubkey openssl random } charon-systemd { load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no syslog { daemon { tls = 2 } } } libtls { suites = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 }