# ipsec.conf - strongSwan IPsec configuration file

config setup
	# uniqueids=never
	charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
	keyexchange=ikev2
	ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
	esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
	dpdaction=clear
	dpddelay=300s
	rekey=no
	left=%any
	leftsubnet=0.0.0.0/0
	leftcert=vpnHostCert.pem
	leftid=@vpn.xxxx.nl
	leftfirewall=yes
	right=%any
	rightsourceip=10.10.10.0/24
	rightsubnet=10.10.10.0/24
	rightdns=192.192.168.50.1
#	rightsourceip=%dhcp
#	rightsubnet=192.168.50.0/24
	
conn IPSec-IKEv2
	keyexchange=ikev2
	auto=add

conn IPSec-IKEv2-EAP
	also="IPSec-IKEv2"
	rightauth=eap-mschapv2
	rightsendcert=never
	eap_identity=%any
	auto=add

conn CiscoIPSec
	keyexchange=ikev1
	# forceencaps=yes
	rightauth=pubkey
	rightauth2=xauth
	auto=add