# strongSwan-style ipsec.conf template: certificate-authenticated, on-demand
# transport-mode IPsec between this host's loopback address and peer subnets,
# plus passthrough shunts for loopback-to-loopback traffic.
# FQHOSTNAME, LOOPBACKv4/LOOPBACKv6 and IPSEC_IPV4_SUBNETS/IPSEC_IPV6_SUBNETS
# look like placeholders substituted at deployment time -- TODO confirm.
# Layout note: one setting per line; a '#' comments out the rest of its line,
# so only the three keywords prefixed with '#' below are disabled.

config setup
    # Strict CRL enforcement is commented out, so the daemon default applies
    # (a peer certificate is still accepted when no current CRL is available).
    # NOTE(review): rightid below matches any CN, so revocation is the only
    # way to shut out a single compromised host; consider enabling this
    # (yes, or ifuri) once CRL distribution is reliable.
    #strictcrlpolicy=yes
    # Keep fetched CRLs cached locally.
    cachecrls=yes

# Defaults inherited by every conn section below.
conn %default
    # IKE version is not pinned (commented out); the daemon default applies.
    #keyexchange=ikev1
    # Retry a failed negotiation without limit.
    keyingtries=%forever
    # Dead peer detection: probe an idle peer every 2 s. The 9 s timeout is
    # an IKEv1 setting -- presumably unused if peers negotiate IKEv2; confirm.
    dpdtimeout=9
    dpddelay=2
    # On a dead peer, keep a trap policy so matching traffic re-negotiates
    # instead of leaving the host in cleartext.
    dpdaction=hold
    # No explicit action when the peer closes the SA (commented out).
    #closeaction=none
    # Host-to-host transport mode (no tunnel header).
    type=transport
    # Two proposals each for IKE and ESP; the trailing '!' makes the list
    # strict, so nothing outside it is negotiated. Both ESP proposals carry
    # a DH group, i.e. PFS on rekey.
    # NOTE(review): the second proposal (aes128-sha1-modp2048) remains
    # acceptable, so it is the effective security floor of this policy.
    # If every peer supports the first proposal, dropping the fallback
    # removes SHA-1 from the deployment -- verify interoperability first.
    ike=aes256-sha512-modp4096,aes128-sha1-modp2048!
    esp=aes256-sha512-modp4096,aes128-sha1-modp2048!
    # Local identity: this host's certificate and its subject DN.
    leftcert=FQHOSTNAME.crt
    leftid="C=US, O=Wit, CN=FQHOSTNAME"
    # Peer identity: any subject with C=US, O=Wit and an arbitrary CN.
    # NOTE(review): this authorises every certificate the trusted CA(s)
    # issue under that C/O, not a specific set of hosts; access control
    # therefore rests on CA issuance policy and on revocation.
    rightid="C=US, O=Wit, CN=*"
    # Install trap policies at startup; SAs are negotiated on first
    # matching traffic rather than eagerly.
    auto=route

# IPv4 loopback-to-loopback traffic: passthrough, i.e. no IPsec processing.
# Inherits auto=route from %default, which is what installs the shunt.
conn local4
    left=LOOPBACKv4
    leftsubnet=LOOPBACKv4
    right=LOOPBACKv4
    rightsubnet=LOOPBACKv4
    # NOTE(review): presumably meant to disable authentication for the
    # shunt; check this keyword/value against ipsec.conf(5) of the deployed
    # release -- shunt-only conns are commonly written with authby=never.
    auth=none
    type=passthrough

# IPv4: protect traffic between the loopback address and the peer subnets
# using the %default settings (transport mode, certificates, auto=route).
conn loopback4
    left=LOOPBACKv4
    leftsubnet=LOOPBACKv4
    right=IPSEC_IPV4_SUBNETS
    rightsubnet=IPSEC_IPV4_SUBNETS

# IPv6 counterpart of local4: passthrough for loopback-to-loopback traffic.
conn local6
    left=LOOPBACKv6
    leftsubnet=LOOPBACKv6
    right=LOOPBACKv6
    rightsubnet=LOOPBACKv6
    # NOTE(review): same keyword caveat as auth=none in conn local4.
    auth=none
    type=passthrough

# IPv6 counterpart of loopback4.
# NOTE(review): right is %any6 here, whereas loopback4 restricts right to
# IPSEC_IPV4_SUBNETS; confirm the asymmetry is intentional, since only
# rightsubnet limits which peers' traffic this policy covers.
conn loopback6
    left=LOOPBACKv6
    leftsubnet=LOOPBACKv6
    right=%any6
    rightsubnet=IPSEC_IPV6_SUBNETS