# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2

conn alice
	rightsubnet=10.1.0.10/32
	also=home
	auto=add

conn venus
	rightsubnet=10.1.0.20/32
	also=home
	auto=add

conn home
	left=%any
	leftcert=daveCert.pem
	leftauth=pubkey-sha512
	leftfirewall=yes
	right=PH_IP_MOON
	rightid=@moon.strongswan.org
	rightauth=pubkey