# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2

conn rw-allow
	rightgroups=allow
	leftsubnet=10.1.0.0/28
	also=rw-eap
	auto=add

conn rw-isolate
	rightgroups=isolate
	leftsubnet=10.1.0.16/28
	also=rw-eap
	auto=add

conn rw-eap
	left=PH_IP_MOON
	leftcert=moonCert.pem
	leftid=@moon.strongswan.org
	leftauth=pubkey
	leftfirewall=yes
	rightauth=eap-radius
	rightsendcert=never
	right=%any
	eap_identity=%any