conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
ikelifetime=60m
keylife=20m
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
keyingtries=1
ike=blowfish256-sha2_512-modp4096!
esp=blowfish256-sha2_256!
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=blowfish256-sha2_512-modp4096!
esp=blowfish256-sha2_256!
keyingtries=1
ike=serpent256-sha2_512-modp4096!
esp=serpent256-sha2_256!
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=serpent256-sha2_512-modp4096!
esp=serpent256-sha2_256!
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes128-sha1-modp1536!
esp=aes128-sha!
keyingtries=1
ike=aes128-sha2_256-modp1536!
esp=aes128-sha2_256!
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes128-sha2_256-modp1536!
esp=aes128-sha2_256!
keyingtries=1
ike=twofish256-sha2_512-modp4096!
esp=twofish256-sha2_256!
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=twofish256-sha2_512-modp4096!
esp=twofish256-sha2_256!
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
rekeymargin=3m
keyingtries=1
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
right=PH_IP_MOON
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
compress=yes
conn rw
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolRevokedCert.pem
leftid=carol@strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=selfCert.der
leftsendcert=never
leftfirewall=yes
conn carol
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=selfCert.der
leftsendcert=never
leftfirewall=yes
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
dpdaction=clear
dpddelay=10
dpdtimeout=30
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
auth=ah
ike=aes128-sha
esp=aes128-sha1
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
auth=ah
ike=aes128-sha
esp=aes128-sha1
keyingtries=1
ike=3des-md5-modp1024!
esp=des-md5!
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=3des-md5-modp1024!
esp=des-md5!
keyingtries=1
ike=aes-128-sha
esp=null-sha1!
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes128-sha!
esp=null-sha1!
keyingtries=1
ike=3des-sha
esp=3des-sha1
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes128-sha
esp=aes128-sha1!
keyingtries=1
ike=3des-sha,aes-128-sha
esp=3des-sha1,aes-128-sha1
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes128-sha
esp=aes128-sha1!
keyingtries=1
ike=3des-md5-modp1024!
esp=des-md5!
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn rw
left=PH_IP_MOON
conn host-host
right=PH_IP_MOON
- rightnexthop=%direct
rightcert=moonCert.pem
rightid=@moon.strongswan.org
rightfirewall=yes
conn host-host
right=PH_IP_SUN
- rightnexthop=%direct
rightcert=sunCert.pem
rightfirewall=yes
rightid=@sun.strongswan.org
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn host-host
left=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn host-host
left=PH_IP_SUN
esp=aes192-sha2_256!
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes192-sha2_384-modp4096!
esp=aes192-sha2_256!
esp=aes256-sha2_256!
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes256-sha2_512-modp8192!
esp=aes256-sha2_256!
keyingtries=1
ike=3des-sha
esp=3des-sha1
+
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
- auto=add
+ auto=add
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes128-sha!
esp=aes128-sha1
esp=3des-sha1,aes-128-sha1
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
ike=aes128-sha!
esp=aes128-sha1
conn home
left=PH_IP_CAROL
leftsourceip=%modeconfig
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
leftsourceip=%modeconfig
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftsourceip=PH_IP_MOON1
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn home
right=PH_IP_CAROL
rightsourceip=%modeconfig
- rightnexthop=%direct
rightcert=carolCert.pem
rightid=carol@strongswan.org
rightfirewall=yes
conn home
right=PH_IP_DAVE
rightsourceip=%modeconfig
- rightnexthop=%direct
rightcert=daveCert.pem
rightid=dave@strongswan.org
rightfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
rightsourceip=PH_IP_MOON1
- rightnexthop=%direct
rightcert=moonCert.pem
rightid=@moon.strongswan.org
rightfirewall=yes
conn home
left=PH_IP_CAROL
leftsourceip=%modeconfig
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
leftsourceip=%modeconfig
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftsourceip=PH_IP_MOON1
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftsendcert=ifasked
right=PH_IP_MOON
rekeymargin=3m
keyingtries=1
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
leftsendcert=ifasked
right=PH_IP_MOON
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftsendcert=ifasked
leftid=@moon.strongswan.org
conn host-net
left=192.168.0.1
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn nat-t
left=PH_IP_SUN
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn net-net
left=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn net-net
left=PH_IP_SUN
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn net-net
left=PH_IP_MOON
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn net-net
left=PH_IP_SUN
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn net-net
left=PH_IP_MOON
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn net-net
left=PH_IP_SUN
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn net-net
left=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn net-net
left=PH_IP_MOON
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn net-net
left=PH_IP_SUN
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
conn net-net
left=PH_IP_MOON
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolRevokedCert.pem
leftid=carol@strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn home-icmp
left=PH_IP_CAROL
- leftnexthop=%direct
leftid=carol@strongswan.org
leftcert=carolCert.pem
leftprotoport=icmp
conn rw-icmp
left=PH_IP_MOON
- leftnexthop=%direct
leftsubnet=10.1.0.0/16
leftprotoport=icmp
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=myCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn home
left=PH_IP_CAROL
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn rw-carol
left=PH_IP_MOON
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn home
left=PH_IP_CAROL
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn rw
left=PH_IP_MOON
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn home
left=PH_IP_CAROL
rekeymargin=3m
keyingtries=1
authby=secret
- leftnexthop=%direct
conn rw
left=PH_IP_MOON
conn home
authby=secret
left=PH_IP_CAROL
- leftnexthop=%direct
leftid=carol@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
authby=secret
left=PH_IP_CAROL
- leftnexthop=%direct
leftid=carol@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
leftfirewall=yes
conn rw-psk
authby=secret
left=PH_IP_MOON
- leftnexthop=%direct
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
leftfirewall=yes
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=selfCert.der
leftsendcert=never
leftfirewall=yes
conn carol
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.der
leftid=@moon.strongswan.org
leftsendcert=never
conn moon
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn moon
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn home
left=PH_IP_CAROL
leftsourceip=%modeconfig
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
leftsourceip=%modeconfig
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert-sha384.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert-sha512.pem
leftid=dave@strongswan.org
leftfirewall=yes
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert-sha256.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
right=PH_IP_CAROL
rightsourceip=PH_IP_CAROL1
- rightnexthop=%direct
rightcert=carolCert.pem
rightid=carol@strongswan.org
rightfirewall=yes
conn rw
right=PH_IP_MOON
rightsourceip=PH_IP_MOON1
- rightnexthop=%direct
rightcert=moonCert.pem
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
leftsourceip=PH_IP_CAROL1
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn rw
left=PH_IP_MOON
leftsourceip=PH_IP_MOON1
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn system
left=PH_IP_ALICE
leftprotoport=tcp/ssh
- leftnexthop=%direct
authby=never
type=passthrough
right=10.1.0.254
conn wlan
left=PH_IP_ALICE
- leftnexthop=%direct
leftcert=aliceCert.pem
leftid=alice@strongswan.org
leftfirewall=yes
conn wlan
left=PH_IP_MOON1
- leftnexthop=%direct
leftsubnet=0.0.0.0/0
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn system
left=PH_IP_VENUS
leftprotoport=tcp/ssh
- leftnexthop=%direct
authby=never
type=passthrough
right=10.1.0.254
conn wlan
left=PH_IP_VENUS
- leftnexthop=%direct
leftcert=venusCert.pem
leftid=@venus.strongswan.org
leftfirewall=yes
left=PH_IP_CAROL
leftid=carol@strongswan.org
leftsourceip=%modeconfig
- leftnexthop=%direct
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
left=PH_IP_DAVE
leftid=dave@strongswan.org
leftsourceip=%modeconfig
- leftnexthop=%direct
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
xauth=server
left=PH_IP_MOON
leftid=@moon.strongswan.org
- leftnexthop=%direct
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
leftsourceip=%modeconfig
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
leftsourceip=%modeconfig
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
authby=xauthrsasig
xauth=server
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
right=PH_IP_CAROL
rightsourceip=%config
- rightnexthop=%direct
rightcert=carolCert.pem
rightid=carol@strongswan.org
rightfirewall=yes
conn home
right=PH_IP_DAVE
rightsourceip=%config
- rightnexthop=%direct
rightcert=daveCert.pem
rightid=dave@strongswan.org
rightfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
rightsourceip=PH_IP_MOON1
- rightnexthop=%direct
rightcert=moonCert.pem
rightid=@moon.strongswan.org
rightfirewall=yes
conn home
left=PH_IP_CAROL
leftsourceip=%config
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
leftsourceip=%config
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftsourceip=PH_IP_MOON1
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolRevokedCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=selfCert.der
leftsendcert=never
leftfirewall=yes
conn carol
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=selfCert.der
leftsendcert=never
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
keyexchange=ikev2
dpdaction=clear
dpddelay=10
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
keyexchange=ikev2
dpdaction=clear
dpddelay=10
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
keyexchange=ikev2
dpdaction=clear
dpddelay=10
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftfirewall=yes
leftcert=carolCert.pem
leftid=carol@strongswan.org
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftfirewall=yes
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn host-host
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn host-host
left=PH_IP_SUN
- leftnexthop=%direct
leftcert=sunCert.pem
leftid=@sun.strongswan.org
leftfirewall=yes
conn host-host
right=PH_IP_MOON
- rightnexthop=%direct
rightcert=moonCert.pem
rightid=@moon.strongswan.org
rightfirewall=yes
conn host-host
right=PH_IP_SUN
- rightnexthop=%direct
rightcert=sunCert.pem
rightid=@sun.strongswan.org
rightfirewall=yes
conn host-host
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn host-host
left=PH_IP_SUN
- leftnexthop=%direct
leftcert=sunCert.pem
leftid=@sun.strongswan.org
leftfirewall=yes
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftsendcert=ifasked
right=PH_IP_MOON
keyingtries=1
keyexchange=ikev2
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
leftsendcert=ifasked
right=PH_IP_MOON
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftsendcert=ifasked
leftid=@moon.strongswan.org
left=PH_IP_SUN
leftsubnet=10.2.0.0/16
leftfirewall=yes
- leftnexthop=%direct
right=%any
rightsubnet=10.1.0.0/16
auto=add
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
- leftnexthop=%direct
leftfirewall=yes
right=PH_IP_SUN
rightsubnet=10.2.0.0/16
leftsubnet=10.2.0.0/16
leftid=@sun.strongswan.org
leftfirewall=yes
- leftnexthop=%direct
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
keylife=20m
rekeymargin=3m
keyingtries=1
- leftnexthop=%direct
keyexchange=ikev2
conn net-net
conn net-net
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
leftcert=sunCert.pem
leftid=@sun.strongswan.org
leftsubnet=10.2.0.0/16
- leftnexthop=%direct
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert-revoked.pem
leftid=carol@strongswan.org
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert-ocsp.pem
leftid=carol@strongswan.org
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert-ifuri.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert-ifuri.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert-ocsp.pem
leftid=carol@strongswan.org
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
rekeymargin=3m
keyingtries=1
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftid=carol@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftid=dave@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
leftfirewall=yes
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftid=carol@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftid=dave@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
leftfirewall=yes
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftid=carol@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftid=carol@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftid=dave@strongswan.org
leftfirewall=yes
right=PH_IP_MOON
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert-sha384.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert-sha512.pem
leftid=dave@strongswan.org
leftfirewall=yes
conn rw
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert-sha256.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes
conn home
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes
rekeymargin=3m
keyingtries=1
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
keyingtries=1
keyexchange=ikev2
left=PH_IP_CAROL
- leftnexthop=%direct
leftcert=carolCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_DAVE
- leftnexthop=%direct
leftcert=daveCert.pem
right=PH_IP_MOON
rightid=@moon.strongswan.org
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
- leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org