# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve

  start-scripts {
    creds = /usr/local/sbin/swanctl --load-creds
    conns = /usr/local/sbin/swanctl --load-conns
  } 

  plugins {
    ipseckey {
      enable = yes
    }
    unbound {
      trust_anchors = /etc/swanctl/dnssec.keys
    }
  }
}