# /etc/ipsec.conf - strongSwan IPsec configuration file

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2

conn home
	left=PH_IP_CAROL
	leftcert=carolCert.pem
	leftauth=eap
	leftfirewall=yes
	right=PH_IP_MOON
	rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
	rightsubnet=10.1.0.0/16
	rightauth=pubkey
	aaa_identity="C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
	auto=add