# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
    	charondebug="chd 2, knl 2"
	crlcheckinterval=180
	strictcrlpolicy=no
	plutostart=no

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	type=tunnel
	auth=esp
	compress=no
	mobike=no

conn net-net
	left=200.200.200.10
	leftsubnet=192.168.1.0/24
	leftcert=moonCert.pem
	leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
	leftfirewall=yes
	right=200.200.200.20
	rightsubnet=192.168.2.0/24
	rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
	auto=add