connections {

   home {
      local_addrs  = 192.168.0.100
      remote_addrs = 192.168.0.1 

      local {
         auth = pubkey
         certs = carolCert.pem
         id = carol@strongswan.org
      }
      remote {
         auth = pubkey
         id = moon.strongswan.org 
      }
      children {
         home {
            remote_ts = 10.1.0.0/16 
            priority = 2

            esp_proposals = aes128gcm128-curve25519
         }
      }
      version = 2
      proposals = aes128-sha256-curve25519
   }

   shunts {

      children {
         pass-ssh-in {
            local_ts  = 0.0.0.0/0[tcp/ssh]
            remote_ts = 0.0.0.0/0[tcp]
            priority = 1

            mode = pass
            start_action = trap
         }
         pass-ssh-out {
            local_ts  = 0.0.0.0/0[tcp]
            remote_ts = 0.0.0.0/0[tcp/ssh]
            priority = 1

            mode = pass
            start_action = trap
         }
      }
   }
}