# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
strictcrlpolicy=yes
ca strongswan-ca
cacert=strongswanCert.pem
ocspuri1=http://bob.strongswan.org:8800
ocspuri2=http://ocsp2.strongswan.org:8880
auto=add
conn %default
keyexchange=ikev2
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
leftcert=carolCert.pem
leftid=carol@strongswan.org
conn home
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
auto=add
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>