# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2

conn nat-t
	left=%any
	leftcert=aliceCert.pem
	leftid=alice@strongswan.org
	leftsourceip=%config
	right=PH_IP_SUN
	rightid=@sun.strongswan.org
	rightsubnet=0.0.0.0/0
	auto=add

conn local-net
	leftsubnet=10.1.0.0/16
	rightsubnet=10.1.0.0/16
	authby=never
	type=pass
	auto=route