conn algovpn-{{ IP_subject_alt_name }}
    fragmentation=yes
    rekey=no
    dpdaction=clear
    keyexchange=ikev2
    compress=no
    dpddelay=35s

    ike={{ ciphers.defaults.ike }}
    esp={{ ciphers.defaults.esp }}

    right={{ IP_subject_alt_name }}
    rightid={{ IP_subject_alt_name }}
    rightsubnet={{ rightsubnet | default('0.0.0.0/0') }}
    rightauth=pubkey

    leftsourceip=%config
    leftauth=pubkey
    leftcert={{ item }}.crt
    leftfirewall=yes
    left=%defaultroute

    auto=add