StrongSwan IPSec configuration file starter

ipsec.conf

config main
  interfaces=%default
  nat-ikeport=4500 # Port to use for NAT-T. This is the default value
  ikeport=500 # Port to use for IKE. This is the default value
  # listen=<ip address> # The IP address on of the host to be used by IPSec

conn <conn-name> # Name of this connection
  auto=start # Start this connection on IPSec startup
  authby=secret # Use PSK to authenticate peers
  type=tunnel
  keyexchange=ike # Change to ikev2 to use IKEv2 protocol
  connaddrfamily=ipv4 # Change to enable IPv6
  left=<left gateway IP address>
  leftid= # Default to 'left'
  leftsubnet=<left subnet address> # Use leftsubnets={subnet1 subnet2} for more that one subnet
  leftnexthope=%direct # This is the default value
  # The IP to use by the host when sending packets to the right gateway/subnet
  # This parameter is relevant only locally
  leftsourceip=
  right=<right gateway IP address>
  rightid= # Default to right if not specified
  rightsubnet=<right subnet address>
  ike=aes256-sha256;modp2048
  phase2=esp # Use ESP for phase 2. This is the default value
  esp=aes256-sha256
  dpddelay=30s # Delay between Dead Peer Detections that are sent for this connection
  dpdtimeout=120s # Length of time to wait without hearing back from peer before declaring the peer dead
  dpdaction=restart # The action to perform when the peer is dead
  aggrmode=no # Use the main mode. This is the defalt value
  rekey=yes # Automatically renegotiate expering connections. This is the default value
  rekeymargin=9m # How long before connection expires should renegotioation attempts start
  salifetime=8h # How long a particular instance of connection should last before being renegotiated
  ikelifetime=1h # How long a keying channel should last before being renegotiated
  keyingtries=%forever # Number of attempts to make to renegotiate a connection or replace existing one

ipsec.secrets

<left ip> <right ip> : PSK "your pre-shared key"