# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac vici kernel-netlink socket-default updown attr

  start-scripts {
    creds = /usr/local/sbin/swanctl --load-creds
    pools = /usr/local/sbin/swanctl --load-pools 
    conns = /usr/local/sbin/swanctl --load-conns
  } 
  dns1 = PH_IP_WINNETOU
  dns2 = PH_IP_VENUS

  plugins {
    ipseckey {
      enable = yes
    }
    unbound {
      trust_anchors = /etc/swanctl/dnssec.keys
    }
  }
}