# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
  multiple_authentication = no

  plugins {
    kernel-netlink {
      fwmark = !0x42
    }
    socket-default {
      fwmark = 0x42
    }
    kernel-libipsec {
      allow_peer_ts = yes
    }
  }
}