# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	strictcrlpolicy=yes

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	ike=aes128-sha256-ntru128,aes192-sha384-ntru192!
	esp=aes128-sha256,aes192-sha384!
	authby=pubkey
	fragmentation=yes

conn rw
	left=PH_IP_MOON
	leftsubnet=10.1.0.0/16
	leftcert=moonCert.der
	leftauth=bliss-sha512
	leftid=moon.strongswan.org
	leftfirewall=yes
	right=%any
	rightsourceip=10.3.0.0/28
	auto=add