# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

# Add connections here.

# Sample VPN connections
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

#conn default
#        eap_identity=%identity
#        left=%any
#        leftsubnet=10.0.0.0/8,1.1.1.1/32
#        leftid=u2agw.u2a.xyz
#        leftauth=pubkey
#        #leftfirewall=yes
#        #leftupdown=/usr/libexec/ipsec/_updown
#        rightauth=eap-radius
#        rightid=%any
#        rightsendcert=always
#        right=%any
#        rightsourceip = %dhcp
#        auto=add

conn default_cert1
        #eap_identity=%any
        left=%any
        leftsubnet=10.11.0.0/16
        leftid=u2agw.u2a.xyz
        leftauth=pubkey
        #leftfirewall=yes
        leftupdown=/usr/libexec/ipsec/_updownCert
        rightauth=pubkey
        rightid=%any
        rightsendcert=always
        right=%any
        rightsourceip = %dhcp
        auto=add

conn default_cert
        #eap_identity=%any
        left=%any
        leftsubnet=10.10.0.0/16
        leftid=u2agw.u2a.xyz
        leftauth=pubkey
        #leftfirewall=yes
        leftupdown=/usr/libexec/ipsec/_updownCert
        rightauth=pubkey
        rightid=%any
        rightsendcert=always
        right=%any
        rightsourceip = %dhcp
        auto=add