# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	plutodebug=control
	crlcheckinterval=180
	strictcrlpolicy=no
	charonstart=no

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	left=PH_IP_MOON
	leftsubnet=10.1.0.0/16
	right=PH_IP_SUN

conn net-net
	rightsubnet=0.0.0.0/0
	rightid=@sun.strongswan.org
	leftid=@moon.strongswan.org
	leftcert=moonCert.pem
	leftsourceip=10.1.0.1
	leftfirewall=yes
	lefthostaccess=yes
	auto=add
        
conn pass
	rightsubnet=10.1.0.0/16
	type=passthrough
	authby=never
	auto=route