# /etc/ipsec.conf - strongSwan IPsec configuration file

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	ike=aes128-sha256-ecp256!
	esp=aes128-sha256!

conn home
	left=PH_IP_CAROL
	leftcert=carolCert.pem
	leftauth=eap
	leftfirewall=yes
	right=PH_IP_MOON
	rightid="C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org"
	rightauth=any
	rightsubnet=10.1.0.0/16
	rightsendcert=never
	auto=add