connections {

   gw-gw {
      local_addrs  = 192.168.0.2
      remote_addrs = 192.168.0.1 

      local {
         auth = pubkey
         certs = sunCert.pem
         id = sun.strongswan.org
      }
      remote {
         auth = pubkey
         id = moon.strongswan.org 
      }
      children {
         net-net {
            local_ts  = fec2::0/16[ipv6-icmp]
            remote_ts = fec1::0/16[ipv6-icmp] 

            updown = /etc/updown
            esp_proposals = aes256gcm128-ecp384
         }
      }
      version = 2
      mobike = no
      proposals = aes256-sha384-ecp384
   }
}