# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	plutodebug=control
	crlcheckinterval=180
	strictcrlpolicy=yes
	charonstart=no

ca strongswan
	cacert=strongswanCert.pem
	crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
	auto=add

ca research 
        cacert=researchCert.pem
	crluri="ldap://ldap.strongswan.org/cn=Research CA, ou=Research, o=Linux strongSwan, c=CH?certificateRevocationList"
	auto=add
	
ca sales 
        cacert=salesCert.pem
	crluri="ldap://ldap.strongswan.org/cn=Sales CA, ou=Sales, o=Linux strongSwan, c=CH?certificateRevocationList"
	auto=add
			
conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	left=PH_IP_MOON
	leftcert=moonCert.pem
	leftid=@moon.strongswan.org
	leftfirewall=yes

conn alice
	leftsubnet=PH_IP_ALICE/32
	right=%any
	rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
	auto=add
	
conn venus
	leftsubnet=PH_IP_VENUS/32
	right=%any
	rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
	auto=add