# /etc/ipsec.conf - strongSwan IPsec configuration file

version	2.0	# conforms to second version of ipsec.conf specification

config setup
	plutodebug=control
	crlcheckinterval=180
	strictcrlpolicy=yes

ca strongswan
	cacert=strongswanCert.pem
	ocspuri=http://ocsp.strongswan.org:8880
	auto=add

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	left=PH_IP_MOON
	leftnexthop=%direct
	leftcert=moonCert.pem
	leftid=@moon.strongswan.org

conn net-net
	leftsubnet=10.1.0.0/16
	right=PH_IP_SUN
	rightsubnet=10.2.0.0/16
	rightid=@sun.strongswan.org
	auto=add
        
conn host-host
	right=PH_IP_SUN
	rightid=@sun.strongswan.org
	auto=add

conn rw
	leftsubnet=10.1.0.0/16
	right=%any
	auto=add