# /etc/ipsec.conf - strongSwan IPsec configuration file

version	2.0	# conforms to second version of ipsec.conf specification

config setup
	plutodebug=control
	crlcheckinterval=180
	strictcrlpolicy=no
	nat_traversal=no

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1

conn system
	left=PH_IP_ALICE
	leftprotoport=tcp/ssh
	leftnexthop=%direct
	authby=never
	type=passthrough
	right=10.1.0.254
	rightprotoport=tcp
	auto=route

conn wlan 
	left=PH_IP_ALICE
	leftnexthop=%direct
	leftcert=aliceCert.pem
	leftid=alice@strongswan.org
	leftfirewall=yes
	right=PH_IP1_MOON
	rightid=@moon.strongswan.org
	rightsubnet=0.0.0.0/0
	auto=add