# /etc/ipsec.conf - strongSwan IPsec configuration file config setup charondebug="tnc 3, imv 2" conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 keyexchange=ikev2 conn rw-allow rightgroups=allow leftsubnet=10.1.0.0/28 also=rw-eap auto=add conn rw-isolate rightgroups=isolate leftsubnet=10.1.0.16/28 also=rw-eap auto=add conn rw-eap left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org leftauth=eap-ttls leftfirewall=yes rightauth=eap-ttls rightid=*@strongswan.org rightsendcert=never right=%any