# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	strictcrlpolicy=no
	plutostart=no

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2

conn host-host
	right=PH_IP_MOON
	rightnexthop=%direct
	rightcert=moonCert.pem
	rightid=@moon.strongswan.org
	rightfirewall=yes
	left=PH_IP_SUN
	leftid=@sun.strongswan.org
	auto=add