# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	strictcrlpolicy=no
	plutostart=no
	charondebug="tls 2"

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	ike=aes128-sha256-ecp256!
	esp=aes128-sha256!

conn rw-eap
	left=PH_IP_MOON
	leftsubnet=10.1.0.0/16
	leftcert=moonCert.pem
	leftauth=eap-tls
	leftfirewall=yes
	rightauth=eap-tls
	rightsendcert=never
	right=%any
	auto=add