hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
[strongswan.git] / testing / tests / ipv6 / net2net-rfc3779-ikev2 / hosts / moon / etc / ipsec.conf
1 # /etc/ipsec.conf - strongSwan IPsec configuration file
2
3 config setup
4         strictcrlpolicy=no
5         crlcheckinterval=180
6         plutostart=no
7
8 conn %default
9         ikelifetime=60m
10         keylife=20m
11         rekeymargin=3m
12         keyingtries=1
13         keyexchange=ikev2
14         mobike=no
15
16 conn net-net
17         also=host-host
18         leftsubnet=fec1::0/16
19         rightsubnet=0::0/0
20
21 conn host-host
22         left=PH_IP6_MOON
23         leftcert=moonCert.pem
24         leftid=@moon.strongswan.org
25         leftfirewall=yes
26         right=PH_IP6_SUN
27         rightid=@sun.strongswan.org
28         auto=add