connections {
net-net {
local_addrs = fec0::2
remote_addrs = fec0::1
local {
auth = pubkey
certs = sunCert.pem
id = sun.strongswan.org
}
remote {
auth = pubkey
id = moon.strongswan.org
}
children {
net-net {
local_ts = fec2::0/16
remote_ts = fec1::0/16
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128-sha256-x25519
}
}
version = 1
proposals = aes128-sha256-x25519
}
}
authorities {
strongswan {
cacert = strongswanCert.pem
crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
}
}
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>