# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	plutodebug="control parsing" #parsing to get knl 2 messages
	crlcheckinterval=180
	strictcrlpolicy=no
	nat_traversal=yes
	charonstart=no

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev1

conn alice
	rightid=alice@strongswan.org
	mark=10/0xffffffff
	also=sun
	auto=add

conn venus
	rightid=@venus.strongswan.org
	mark=20  #0xffffffff is used by default
	also=sun
	auto=add

conn sun
	left=PH_IP_SUN
	leftcert=sunCert.pem
	leftid=@sun.strongswan.org
	leftsubnet=10.2.0.0/16
	leftupdown=/etc/mark_updown
	right=%any
	rightsubnet=10.1.0.0/25