# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	ike=aes256gcm16-prfsha512-modp2048,aes128gcm16-prfsha256-modp1536!
	esp=aes256gcm16-modp2048,aes128gcm16-modp1536!

conn rw
	left=PH_IP_MOON
	leftfirewall=yes
	leftcert=moonCert.pem
	leftid=@moon.strongswan.org
	leftsubnet=10.1.0.0/16
	right=%any
	auto=add