# strongSwan ipsec.conf (charon). Layout restored to one directive per line;
# parameter lines must stay indented beneath their section header.
# FQHOSTNAME looks like a template placeholder to be replaced per host
# before deployment -- confirm against the provisioning tooling.

config setup
    # Daemon logging override, left disabled.
    #charondebug="all"
    #uniqueids=yes
    # NOTE(review): with strictcrlpolicy commented out the strongSwan default
    # (no) applies, so a peer certificate is still accepted when no current
    # CRL can be obtained. The wildcard rightid below makes revocation the
    # only way to exclude a single host, so confirm this is intended.
    #strictcrlpolicy=yes
    # Keep fetched CRLs cached locally so they survive a fetch failure.
    cachecrls=yes

# Disabled CA section: would add an alternative CRL distribution point for
# certificates issued by ca-wit. While disabled, CRL locations can only come
# from the certificates themselves.
#ca ca-wit #define alternative CRL distribution point
# cacert=ca-wit.crt
# crluri=ca-wit.crl
# auto=add

# Defaults inherited by every conn section below.
conn %default
    # MOBIKE is an IKEv2 extension; it is switched off explicitly here.
    mobike=no
    # Never give up retrying a failed negotiation.
    keyingtries=%forever
    # Dead peer detection: probe an idle peer every 3 s, declare it dead
    # after 10 s without an answer, then renegotiate immediately.
    dpdtimeout=10
    dpddelay=3
    dpdaction=restart
    # Host-to-host transport mode (no tunnel encapsulation).
    type=transport
    # NOTE(review): IKEv1 is the legacy protocol version; confirm whether a
    # peer still requires it or whether the estate can move to ikev2.
    keyexchange=ikev1
    # The trailing "!" makes each proposal strict: only this exact suite is
    # offered and accepted, so a peer cannot negotiate anything else.
    # NOTE(review): SHA-1 is used for integrity in both proposals; consider a
    # SHA-2 suite once all peers support it.
    ike=aes128-sha1-modp2048!
    # A DH group in the esp proposal enables PFS for the IPsec SA exchange.
    esp=aes128-sha1-modp2048!

conn loopbacks
    # Install trap policies only; an SA is negotiated when matching traffic
    # is first seen.
    auto=route
    # Both traffic selectors cover the same /16 and the peer address is
    # unrestricted (right=%any) -- presumably any-to-any protection between
    # hosts inside 10.1.0.0/16; verify against the addressing plan.
    leftsubnet=10.1.0.0/16
    rightsubnet=10.1.0.0/16
    right=%any
    # Local certificate and the subject DN presented as our identity.
    leftcert=FQHOSTNAME.crt
    leftid="C=US, O=Wit, CN=FQHOSTNAME"
    # Wildcard CN: any certificate that validates against a trusted CA and
    # carries C=US, O=Wit is accepted as a peer, whatever its CN. Peer
    # authorization therefore rests on CA issuance policy and revocation.
    rightid="C=US, O=Wit, CN=*"