connections {

   gw-gw {
      local_addrs  = 192.168.0.2
      remote_addrs = 192.168.0.1

      local {
         auth = pubkey
         id = sun.strongswan.org
      }
      remote {
         auth = pubkey
         id = moon.strongswan.org
      }
      children {
         net-net {
            local_ts  = 10.2.0.0/16
            remote_ts = 10.1.0.0/16

            updown = /usr/local/libexec/ipsec/_updown iptables
            esp_proposals = aes128gcm128-modp3072
         }
      }
      version = 2
      mobike = no
      proposals = aes128-sha256-modp3072
   }
}

secrets {

   pkcs12-sun {
      file = sunCert.p12
      secret = "IxjQVCF3JGI+MoPi"
   }
}