# /usr/local/strongswan/etc/ipsec.conf - Strongswan IPsec configuration file

config setup
	# setup items now go into strongswan.conf for version 5+

ca servers
	auto=add

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  auto=add

conn xauth-x509
  left=192.1.2.45
  leftid=@west
  keyexchange=ikev1
  rightauth=pubkey
  rightauth2=xauth-pam
  leftid=@ipsec.surfeasy.mobi
  leftsubnet=0.0.0.0/0
  leftfirewall=no
  leftcert=/testing/baseconfigs/east/etc/ipsec.d/cert
  right=%any
  rightsubnet=10.253.0.0/16
  rightsourceip=10.253.0.0/16
  # Require all subject fields to be matched by star
  # As well as CA's pull in
  rightid="C=*, ST=*, L=*, O=*, CN=*, E=*"
  fragmentation=yes
  auto=add
  # resulting in hanging connections for iOS
  # Not sure on the root cause of why though
  # dpddelay=30
  # dpdtimeout=120
  # dpdaction=clear

#strongswan cannot include this, due to incompatible options
#include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common