# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20 

  start-scripts {
    creds = /usr/local/sbin/swanctl --load-creds 
  }
  syslog {
    auth {
      default = 0
    }
    daemon {
      tnc = 2 
      imc = 2
      imv = 2
    }
  }
  plugins {
    tnc-pdp {
      server = sun.strongswan.org
      radius {
        enable = no
      }
    }
    tnccs-20 {
      mutual = yes
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
}

libimcv {
  plugins {
    imc-test {
      command = allow 
    }
    imv-test {
      rounds = 1 
    }   
  }
}