# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	strictcrlpolicy=yes

ca strongswan-ca
	cacert=strongswanCert.pem
        ocspuri1=http://bob.strongswan.org:8800
	ocspuri2=http://ocsp.strongswan.org:8880
	auto=add

conn %default
	keyexchange=ikev2
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	left=PH_IP_CAROL
	leftcert=carolCert.pem
	leftid=carol@strongswan.org

conn home
	right=PH_IP_MOON
	rightsubnet=10.1.0.0/16
	rightid=@moon.strongswan.org
	auto=add