# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
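config setup
    # Global daemon settings. Parameter lines are indented because ipsec.conf
    # only treats lines that begin with white space as part of a section.
    #
    # Verbose charon logging for troubleshooting. If enabled, restrict access
    # to the log files and switch it off again afterwards.
    #charondebug="cfg 3, dmn 3, ike 3, net 3, chd 3, mgr 3"
    # CRL enforcement applies to certificate authentication only; both
    # connections in this file use authby=psk, so it would not affect them.
    #strictcrlpolicy=yes
    # no = a new IKE_SA does not replace existing ones that use the same
    # identity, so several devices can stay connected with one identity.
    # NOTE(review): this also means a shared or leaked login is not displaced
    # by the legitimate user's next connection - confirm this is intended.
    uniqueids=no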
# Add connections here.
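conn %default
    # Defaults inherited by every conn section below unless overridden there.
    # Parameter lines are indented, as ipsec.conf requires inside a section.
    #
    # NOTE(review): modp1024 (DH group 2) is a 1024-bit group and is no longer
    # considered adequate for protecting the IKE key exchange. Prefer modp2048
    # or stronger once every peer that relies on this default supports it.
    # Per ipsec.conf(5), without a trailing '!' the daemon's default proposals
    # are added to this list, so the value is a preference, not a restriction.
    ike=aes256-sha256-modp1024
    # No DH group in the ESP proposal: Quick Mode / CHILD_SA rekeying then runs
    # without a separate Diffie-Hellman exchange (no PFS).
    esp=aes256-sha256
    # Both lifetimes are 10 hours (keylife is a synonym for lifetime).
    # NOTE(review): that is well above the strongSwan defaults (3h / 1h);
    # shorter lifetimes limit how much traffic a single key protects.
    ikelifetime=600m
    keylife=600m
    # reauth only influences IKEv2; IKEv1 always reauthenticates when the
    # IKE_SA is rekeyed, and both conns in this file set keyexchange=ikev1.
    reauth=no
    rekey=yes
    #rekeymargin=3m
    keyingtries=%forever
    # NOTE(review): restart is inherited by the road-warrior conn, where
    # right=%any gives the gateway no address to re-initiate to; dpdaction=clear
    # is the usual choice for such responder-only connections - verify.
    closeaction=restart
    # Propose IPComp compression for the tunnel.
    compress=yes
    dpdaction=restart
    dpddelay=20s
    # dpdtimeout is only used for IKEv1.
    dpdtimeout=60s
    # MOBIKE is an IKEv2 feature; it has no effect on the IKEv1 conns below.
    mobike=yes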
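conn xauth-roadwarrior-ipsec-server
    # Remote-access gateway for IKEv1 clients: group pre-shared key in the
    # first authentication round, per-user XAuth in the second.
    # Parameter lines are indented, as ipsec.conf requires inside a section.
    #
    # NOTE(review): the PSK is the only thing that authenticates the gateway
    # to the clients, and every client holds it. Anyone who knows it could
    # pose as the gateway and be sent users' XAuth credentials. Use a long
    # random PSK, limit its distribution, and prefer certificate-based gateway
    # authentication (or IKEv2 with EAP) where the clients allow it.
    # Aggressive mode is not enabled here; keep it off, since with a PSK it
    # exposes material that can be attacked offline.
    keyexchange=ikev1
    authby=psk
    type=tunnel
    # Force UDP encapsulation of ESP even when no NAT is detected
    # (original author's note: needed because of iOS).
    forceencaps=yes
    left=%defaultroute
    leftid=@ciscoauth
    # Full tunnel: all client traffic is routed through the gateway.
    # NOTE(review): per ipsec.conf(5), IKEv1 only interprets the first subnet
    # of a comma-separated list unless the Cisco Unity plugin is loaded, so
    # ::/0 may not be negotiated - confirm IPv6 traffic is not leaving the
    # clients outside the tunnel.
    leftsubnet=0.0.0.0/0,::/0
    right=%any
    rightauth2=xauth
    # Virtual IP pool handed out to clients.
    rightsourceip=10.31.1.0/24
    # DNS servers pushed to clients; all client lookups go to these public
    # resolvers. NOTE(review): confirm that is acceptable for this deployment.
    rightdns=8.8.8.8,8.8.4.4
    # Load the connection and wait for clients to initiate.
    # The IKE proposal is inherited from conn %default (includes modp1024).
    auto=add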
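conn kiev
    # Site-to-site tunnel between two fixed peers, IKEv1 with a pre-shared key.
    # Parameter lines are indented, as ipsec.conf requires inside a section.
    #
    # NOTE(review): both endpoints are fixed, so the PSK should be a long
    # random value unique to this peer pair; if the remote side supports it,
    # IKEv2 (keyexchange=ikev2) is the better choice for a new deployment.
    keyexchange=ikev1
    # Overrides the weaker modp1024 proposal from conn %default.
    ike=aes256-sha512-modp4096
    # No DH group in the ESP proposal, so Quick Mode rekeying runs without a
    # separate Diffie-Hellman exchange (no PFS). Appending a group, e.g. the
    # one already used for IKE, would add it - the peer must be configured to match.
    esp=aes256-sha256
    authby=psk
    type=tunnel
    # xx.xx.xx.xx / yy.yy.yy.yy are redacted placeholders for the public
    # addresses of the local and remote gateways.
    left=xx.xx.xx.xx
    leftsubnet=10.200.0.0/16
    leftsourceip=10.200.255.254
    right=yy.yy.yy.yy
    rightsubnet=192.168.0.0/24
    #rightsourceip=192.168.0.1
    # Initiate the tunnel as soon as the daemon starts.
    auto=start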
# Additional sections are read from this file and parsed as part of this
# configuration, so it should be owned by root and not writable by anyone else.
include /var/lib/strongswan/ipsec.conf.inc