config setup
    #charondebug="all"
    #uniqueids=yes
    #strictcrlpolicy=yes
    cachecrls=yes

#ca ca-wit       #define alternative CRL distribution point
#    cacert=ca-wit.crt
#    crluri=ca-wit.crl
#    auto=add

conn %default
    keyingtries=%forever
    dpdtimeout=10
    dpddelay=3
    dpdaction=restart
    type=transport
    keyexchange=ikev1
    ike=aes256-sha512-modp4096,aes128-sha1-modp2048!
    esp=aes256-sha512-modp4096,aes128-sha1-modp2048!
    leftcert=FQHOSTNAME.crt
    leftid="C=US, O=Wit, CN=FQHOSTNAME"
    rightid="C=US, O=Wit, CN=*"
    auto=route


conn loopback4
    #leftsourceip=%config4
    left=LOOPBACKv4
    leftsubnet=LOOPBACKv4
    rightsubnet=IPSEC_IPV4_SUBNETS
    right=%any4


conn loopback6
    #leftsourceip=%config6
    left=LOOPBACKv6
    leftsubnet=LOOPBACKv6
    rightsubnet=IPSEC_IPV6_SUBNETS
    right=%any6