# /etc/ipsec.conf - strongSwan IPsec configuration file

version	2.0	# conforms to second version of ipsec.conf specification

config setup
	plutodebug=control
	crlcheckinterval=180	
	nat_traversal=yes

conn %default
	ikelifetime=60m
	keylife=20m
	left=PH_IP_SUN
	leftcert=sunCert.pem
	leftid=@sun.strongswan.org
	leftsubnet=10.2.0.0/16

conn rw-alice
	right=%any
	rightcert=aliceCert.pem
	rightid=alice@strongswan.org
	rightsubnet=10.1.0.0/16
	keyexchange=ikev2
	auto=add

conn nat-t
	leftsubnet=10.2.0.0/16
	right=%any
	rightsubnetwithin=10.1.0.0/16
	keyexchange=ikev1
	auto=add