# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
	ikelifetime=60m
	keylife=10s
	rekeymargin=6s
	rekeyfuzz=0%
	keyingtries=1
	keyexchange=ikev2

conn host-host
	left=PH_IP_SUN
	leftcert=sunCert.pem
	leftid=sun.strongswan.org
	right=PH_IP_MOON
	rightid=moon.strongswan.org
	ike=aes256-sha512-modp4096!
	esp=aes256-sha512-modp4096!
	type=transport
	auto=add