algo/roles/vpn/templates/ipsec.conf.j2
2016-11-29 22:14:18 +03:00


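{# strongSwan ipsec.conf template: one IKEv2 connection in which the server and
   the clients both authenticate with certificates (leftauth/rightauth=pubkey).
   Section parameters are indented, as the ipsec.conf format requires; template
   comments and block tags stay at column 0. #}
config setup
    uniqueids = never # allow multiple connections per user
{# Level 2 is more detailed than charon's default of 1 for every subsystem listed.
   NOTE(review): on a VPN server these logs record client addresses and
   identities; confirm this much detail is wanted outside troubleshooting and
   that the log files are access-restricted and rotated. #}
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"

conn %default
{# Defaults from the ipsec_config variable are written verbatim as key=value,
   so that variable must stay under the operator's control.
   .items() renders under both Python 2 and Python 3; .iteritems() exists only
   on Python 2 dicts and makes the template fail on a Python 3 controller. #}
{% for key, value in ipsec_config.items() %}
    {{ key }}={{ value }}
{% endfor %}
{# The trailing "!" makes each proposal list strict: only the listed suites are
   offered or accepted, so a peer cannot negotiate anything weaker. #}
{% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
{# Compatibility branch: adds AES-256-CBC with HMAC-SHA-256 and the 2048-bit MODP
   group as a second choice. These are connection defaults, so any client (not
   only Windows 10) may then select the second suite. #}
    ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
    esp=aes128gcm16-sha2_256-ecp256,aes256-sha2_256-modp2048!
{% else %}
{# Single AEAD suite: AES-128-GCM with an ECP-256 key exchange. #}
    ike=aes128gcm16-sha2_256-prfsha256-ecp256!
    esp=aes128gcm16-sha2_256-ecp256!
{% endif %}
{# Local (server) side. leftid and the certificate file name both derive from
   IP_subject_alt_name; presumably that value is also a subjectAltName of the
   certificate, which clients check the identity against (verify in the PKI role). #}
    left=%any
    leftauth=pubkey
    leftid={{ IP_subject_alt_name }}
    leftcert={{ IP_subject_alt_name }}.crt
    leftsendcert=always
{# All IPv4 and IPv6 destinations are offered through the tunnel (full tunnel). #}
    leftsubnet=0.0.0.0/0,::/0
{# Remote (client) side: any source address, certificate authentication only,
   virtual addresses handed out from the IPv4 and IPv6 pools below. #}
    right=%any
    rightauth=pubkey
    rightsourceip={{ vpn_network }},{{ vpn_network_ipv6 }}
{# DNS pushed to clients: the local resolver when local_dns is "Y", otherwise the
   configured dns_servers as a comma-separated list. #}
{% if local_dns is defined and local_dns == "Y" %}
    rightdns={{ local_service_ip }}
{% else %}
    rightdns={{ dns_servers | join(',') }}
{% endif %}

{# Inherits every setting from %default; auto=add loads the connection at
   startup and waits for clients instead of initiating. #}
conn ikev2-pubkey
    auto=add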