algo/roles/strongswan/templates/ipsec.conf.j2

config setup
    uniqueids=never # allow multiple connections per user
    charondebug="ike {{ strongswan_log_level }}, knl {{ strongswan_log_level }}, cfg {{ strongswan_log_level }}, net {{ strongswan_log_level }}, esp {{ strongswan_log_level }}, dmn {{ strongswan_log_level }},  mgr {{ strongswan_log_level }}"

conn %default
    fragmentation=yes
    rekey=no
    dpdaction=clear
    keyexchange=ikev2
    compress=yes
    dpddelay=35s
    lifetime=3h
    ikelifetime=12h

    ike={{ ciphers.defaults.ike }}
    esp={{ ciphers.defaults.esp }}

    left=%any
    leftauth=pubkey
    leftid={{ IP_subject_alt_name }}
    leftcert={{ IP_subject_alt_name }}.crt
    leftsendcert=always
    leftsubnet=0.0.0.0/0,::/0

    right=%any
    rightauth=pubkey
    rightsourceip={{ strongswan_network }},{{ strongswan_network_ipv6 }}
{% if algo_dns_adblocking or dns_encryption %}
    rightdns={{ local_service_ip }}{{ ',' + local_service_ipv6 if ipv6_support else '' }}
{% else %}
    rightdns={% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
{% endif %}

conn ikev2-pubkey
    auto=add