# This file is automatically generated. Do not edit
connections {
	bypass {
		remote_addrs = 127.0.0.1
		children {
			bypasslan {
				local_ts = 192.168.1.0/24
				remote_ts = 192.168.1.0/24
				mode = pass
				start_action = trap
			}
		}
	}
	con-mobile : con-mobile-defaults {
		# Stub to load con-mobile-defaults
	}
}
con-mobile-defaults {
	fragmentation = yes
	unique = replace
	version = 2
	proposals = aes256-sha256-modp2048
	dpd_delay = 10s
	rekey_time = 25920s
	reauth_time = 0s
	over_time = 2880s
	rand_time = 2880s
	encap = no
	mobike = yes
	local_addrs = 172.21.10.103
	remote_addrs = 0.0.0.0/0,::/0
	pools = mobile-pool-v4
	send_cert = always
	local {
		id = fqdn:test.ipbgd.office
		auth = pubkey
		cert {
			file = /var/etc/ipsec/x509/cert-1.crt
		}
	}
	remote {
		id = %any
		eap_id = %any
		auth = eap-tls
		cacerts = /var/etc/ipsec/x509ca/791c09ae.0
	}
	children {
		con-mobile {
			# P2 (reqid 1): phase2
			mode = tunnel
			policies = yes
			life_time = 3600s
			rekey_time = 3240s
			rand_time = 360s
			start_action = none
			local_ts = 0.0.0.0/0
			esp_proposals = aes256gcm128-modp2048,aes256gcm96-modp2048,aes256gcm64-modp2048,aes128gcm128-modp2048,aes128-sha256-modp2048,aes128-sha384-modp2048,aes128-sha512-modp2048
			dpd_action = clear
		}
	}
}
pools {
	mobile-pool-v4 : mobile-pool {
		addrs = 192.168.42.0/24
	}
}
mobile-pool {
	# Mobile pool settings template
}
secrets {
	private-0 {
		file = /var/etc/ipsec/private/cert-1.key
	}
}