ipsec.conf

version 2
config setup
        strictcrlpolicy=no
        charondebug="ike 2, knl 2, cfg 2, mgr 2, chd 2, lib 2, net 2"

conn %default
        ikelifetime=1440m
        keylife=60m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=xauthpsk

conn home
        keyexchange=ikev1
        ikelifetime=1440m
        keylife=60m
        aggressive=yes
        ike=aes-sha1-modp1024     #Phase1 parameters
        esp=aes128-sha1-modp1024        #Phase2 parameters
        xauth=client              #Xauth client mode
        left=%and
        leftid=userid
        leftsourceip=%config
        leftauth=psk
        rightauth=psk
        leftauth2=xauth          #use PSK for group RA and Xauth for user cisco
        right=10.3.0.2
        rightsubnet=0.0.0.0/0
        xauth_identity=user-pass
        auto=route
        dpdaction=restart
        dpddelay=30s
        dpdtimeout=150s
        type=tunnel
        leftupdown=/scripts/tun_updown.sh