# /etc/ipsec.conf - strongSwan IPsec configuration file

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	mobike=no

conn dscp-be
	leftid=@moon-be
	rightid=@sun-be
	mark=10
	also=net-net
	auto=add

conn dscp-ef
	leftid=@moon-ef
	rightid=@sun-ef
	mark=20
	also=net-net
	auto=add

conn net-net
	left=PH_IP_MOON
	leftsubnet=10.1.0.0/16
	leftfirewall=yes
	leftauth=psk
	right=PH_IP_SUN
	rightsubnet=10.2.0.0/16
	rightauth=psk