# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

ca strongswan
	cacert=strongswanCert.pem
	certuribase=http://ip6-winnetou.strongswan.org/certs/
	crluri=http://ip6-winnetou.strongswan.org/strongswan.crl
	auto=add

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2
	fragmentation=yes
	mobike=no

conn net-net
	also=host-host
	leftsubnet=fec1::0/16
	rightsubnet=fec2::0/16

conn host-host
	left=PH_IP6_MOON
	leftcert=moonCert.pem
	leftid=@moon.strongswan.org
	leftfirewall=yes
	right=PH_IP6_SUN
	rightid=@sun.strongswan.org
	auto=add