config setup strictcrlpolicy=no conn initiator mobike=no auto=add type=tunnel keyexchange=ikev2 ike=aes256gcm16-prfsha256-modp2048! esp=aes256gcm16-esn! lifetime=1m # local: leftauth=psk leftid=@roadwarrior1.vpn.example.com leftsubnet=192.168.5.0/24 # remote: (gateway) rightid=@vpp.home right=192.168.10.2 rightauth=psk rightsubnet=192.168.3.0/24