# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	mobike=no

conn local-net
	leftsubnet=10.1.0.0/16
	rightsubnet=10.1.0.0/16
	authby=never
	type=pass
	auto=route

conn venus-icmp
	leftsubnet=PH_IP_VENUS/32
	rightsubnet=0.0.0.0/0
	leftprotoport=icmp
	rightprotoport=icmp
	leftauth=any
	rightauth=any	
	type=drop
	auto=route

conn net-net 
	left=PH_IP_MOON
	leftcert=moonCert.pem
	leftid=@moon.strongswan.org
	leftsubnet=10.1.0.0/16
	leftfirewall=yes
	lefthostaccess=yes
	right=PH_IP_SUN
	rightid=@sun.strongswan.org
	rightsubnet=0.0.0.0/0
	auto=add