connections {
  net-net {
    local_addrs = 192.168.0.2
    remote_addrs = 192.168.0.1
    local {
      auth = psk
      id = sun.strongswan.org
    }
    remote {
      auth = psk
      id = moon.strongswan.org
    }
    children {
      net-net {
        local_ts = 192.168.200.0/24
        remote_ts = 192.168.100.0/24
        esp_proposals = aes128-sha1-modp2048
        rekey_time = 240m
      }
    }
    version = 2
    mobike = yes
    encap = no # NAT-T if needed
    proposals = aes128-sha256-x25519
    }
}
secrets {
  ike-net-net {
    id = moon.strongswan.org
    secret = simplepsk
  }
}

# Include config snippets
include conf.d/*.conf