# Global settings for the strongSwan starter/charon daemon (ipsec.conf format).
# Parameter lines must be indented under their section header.
config setup
    # CRL checking is not enforced: a peer certificate is still accepted when
    # no fresh CRL can be obtained. Certificate-authenticated conns in this
    # file therefore cannot rely on revocation alone to lock out a client.
    strictcrlpolicy=no
    # Per-subsystem log verbosity. Level 2 gives detailed control flow; keep
    # it below 4 outside a lab, since the highest level logs key material.
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
    # Several simultaneous IKE_SAs with the same peer identity are allowed;
    # a new login does not replace an existing one.
    uniqueids=no
# Defaults inherited by every conn below unless a conn overrides them.
conn %default
    # IKE_SA lifetime, CHILD_SA lifetime, and how long before expiry a rekey
    # is attempted.
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    # Retry negotiation indefinitely instead of giving up.
    keyingtries=%forever
    keyexchange=ikev2
    mobike=no
    # Default authentication is RSA signatures (certificates); a conn that
    # sets authby=psk replaces this for that conn only.
    authby=rsasig
    # Drop the connection state when the peer closes it or stops answering.
    closeaction=clear
    dpdaction=clear
    # NOTE(review): dpdtimeout is documented as an IKEv1 setting; with
    # keyexchange=ikev2 the retransmission timeout applies instead - confirm.
    dpdtimeout=20s
    # IKE-level fragmentation, so large messages (e.g. certificates) do not
    # depend on IP fragmentation.
    fragmentation=yes
# Site-to-site tunnel: 10.10.0.0/24 (local) <-> 10.30.0.0/24 (remote gateway).
conn vs-nj-net-gw01
    # Local endpoint is whichever address carries the default route.
    left=%defaultroute
    leftsubnet=10.10.0.0/24
    # Placeholder identity - replace with the real local ID.
    leftid=@LEFT_SERVER_ID
    # Redacted peer address - replace with the remote gateway's public IP.
    right=52.144.XXX.XXX
    rightsubnet=10.30.0.0/24
    # Placeholder identity - replace with the real remote ID.
    rightid=@RIGHT_SERVER_ID
    # Overrides the rsasig default: this tunnel is only as strong as the
    # pre-shared key. Use a long random secret, keep it in ipsec.secrets with
    # restrictive file permissions, and do not reuse it for other peers.
    authby=psk
    # No ike=/esp= is set here, so the daemon's default proposals apply.
    # Loaded at startup but not initiated; the peer (or a manual "up") starts it.
    auto=add
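# Remote-access (road-warrior) IKEv2 profile for PC clients; the server
# authenticates with server-cert.pem and hands out addresses from 10.90.50.0/24.
conn ikev2-vpn-certauth-pc
    # Loaded at startup; clients initiate.
    auto=add
    # Overrides the %default mobike=no so clients can change networks.
    mobike=yes
    compress=no
    type=tunnel
    # These two settings were fused onto one line in the original, which would
    # make the value of keyexchange "ikev2 fragmentation=yes". Both repeat
    # the %default values.
    keyexchange=ikev2
    fragmentation=yes
    # Always use UDP encapsulation, even when no NAT is detected.
    forceencaps=yes
    # SECURITY: the trailing "!" restricts negotiation to exactly these
    # proposals, and all of them are legacy: SHA-1 integrity, 3DES, and a
    # 1024-bit MODP group. They are presumably kept for clients running with
    # stock settings. Once clients can be configured for stronger suites, put a
    # modern proposal first (for example aes256-sha256-modp2048) and then
    # retire the 3des and modp1024 entries.
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha1,3des-sha1-modp1024!
    dpdaction=clear
    dpddelay=300s
    # The server does not initiate rekeying for this conn.
    rekey=no
    left=%any
    leftauth=pubkey
    # Redacted placeholder (the X's are non-ASCII letters) - replace with the
    # server's real address or FQDN. The value should appear as a
    # subjectAltName in server-cert.pem, or clients will reject the identity.
    leftid=91.231.ХХХ.ХХХ
    leftcert=server-cert.pem
    # Send the server certificate without waiting for a certificate request.
    leftsendcert=always
    # Networks offered to clients through the tunnel.
    leftsubnet=10.10.0.0/16
    # Clients may also reach services on the gateway itself.
    lefthostaccess=yes
    # NOTE(review): relies on the updown script to open the firewall for
    # tunnelled traffic - confirm the resulting rules are as narrow as intended.
    leftfirewall=yes
    # Any source address and any client identity are accepted. No rightca= or
    # rightcert= constraint is set, so (with the inherited authby=rsasig)
    # presumably any certificate chaining to a CA this gateway trusts will
    # authenticate; with strictcrlpolicy=no in config setup, revocation is not
    # enforced either. Consider pinning the issuing CA with rightca=.
    right=%any
    rightid=%any
    # Virtual IP pool for clients.
    rightsourceip=10.90.50.0/24
    # Pushes a public resolver: client DNS queries go to a third party and
    # internal names will not resolve - confirm this is intended.
    rightdns=1.1.1.1
    # NOTE(review): appears to suppress certificate requests to the client;
    # verify client certificates are still validated the way you expect.
    rightsendcert=never
    rightfirewall=yes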
https://directaccess.richardhicks.com/2019/03/14/a...