mmb/ipsec.conf

## ipsec.conf
config setup
    uniqueids=no
    charondebug="enc 0, ike 2, knl 0, net 0"

conn ipsec-10.0.16.1/20
    leftcert=instance_certificate.pem
    auto=route
    keyexchange=ike
    esp=aes128gcm16!
    type=transport
    leftsubnet={selfip}/32
    rightsubnet=10.0.16.1/20
    mobike=no


conn no-ipsec-10.0.16.1/32
    auto=route
    type=passthrough
    rightsubnet=10.0.16.1/32

conn no-ipsec-10.0.16.10/32
    auto=route
    type=passthrough
    rightsubnet=10.0.16.10/32
	config setup
	uniqueids=no
	charondebug="enc 0, ike 2, knl 0, net 0"

	conn ipsec-10.0.16.1/20
	leftcert=instance_certificate.pem
	auto=route
	keyexchange=ike
	esp=aes128gcm16!
	type=transport
	leftsubnet={selfip}/32
	rightsubnet=10.0.16.1/20
	mobike=no


	conn no-ipsec-10.0.16.1/32
	auto=route
	type=passthrough
	rightsubnet=10.0.16.1/32

	conn no-ipsec-10.0.16.10/32
	auto=route
	type=passthrough
	rightsubnet=10.0.16.10/32