ipsec.conf

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
	# strictcrlpolicy=yes
	# uniqueids = no

# Add connections here.

# Sample VPN connections

conn %default
  ikelifetime=60m
  lifetime=30m
  rekeymargin=3m
  keyingtries=%forever
  mobike=no
  keyexchange=ikev2
  auto=start
  authby=secret
  type=tunnel
  ike=aes128-md5-modp1024
  esp=aes128-md5-modp1024
  dpdaction=restart


#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start

#
# sip0
#

conn sip0
  leftid=@debian0.swna.disney.com
  left=%any
  leftsourceip=10.0.2.15
  leftsubnet=100.64.108.2/30
  rightid=@sip0.colliertech.org
  right=208.115.126.78
  rightsubnet=100.64.108.1/30
  keyexchange=ikev2
  authby=secret
  type=tunnel
  ike=aes128-md5-modp1024
  esp=aes128-md5-modp1024
  dpdaction=restart
  ikelifetime=7d
  lifetime=1d
  rekeymargin=2h
  keyingtries=1
  auto=start

include /var/lib/strongswan/ipsec.conf.inc