config setup
  strictcrlpolicy=no

conn initiator
  mobike=no
  auto=add
  type=tunnel
  keyexchange=ikev2
  ike=aes256gcm16-prfsha256-modp2048!
  esp=aes256gcm16-esn!
  lifetime=1h

# local:
  leftauth=psk
  leftid=@roadwarrior.vpn.example.com
  leftsubnet=192.168.5.0/24

# remote: (gateway)
  rightid=@vpp.home
  right=192.168.10.2
  rightauth=psk
  rightsubnet=192.168.3.0/24