algo/templates/ipsec.conf.j2

config setup
    uniqueids = never # allow multiple connections per user
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2,  mgr 2"

conn %default
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=300s
    rekey=no
    keyexchange=ikev2
    ike=aes128gcm16-sha2_256-prfsha256-ecp256!
    esp=aes128gcm16-sha2_256-ecp256!
    compress=yes
    fragmentation=yes
    
    left=%any
    leftauth=pubkey
    leftid={{ server_name }}
    leftcert={{ server_name }}.crt
    leftsendcert=always
    leftsubnet=0.0.0.0/0,::/0

    right=%any
    rightauth=pubkey
    rightsourceip=10.0.0.0/24
    rightdns=8.8.8.8,8.8.4.4

conn ikev2-pubkey
    auto=add