# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2

conn host-host
	left=PH_IP_SUN
	leftcert=sunCert.pem
	leftid=sun.strongswan.org
	right=PH_IP_MOON
	rightid=moon.strongswan.org
	ike=aes256-sha512-modp4096!
	esp=aes256-sha512-modp4096!
	auto=add
	type=transport