pinecrypt-gateway-backend/pinecrypt/server/templates/ipsec.conf

config setup
  strictcrlpolicy=yes
  charondebug="cfg 2"

ca authority
  auto=add
  cacert=/server-secrets/ca_cert.pem
  ocspuri=http://127.0.0.1:5001/api/ocsp

conn s2c
  auto=add
  keyexchange=ikev2
  left={{ authority_namespace }}
  leftsendcert=always
  leftallowany=yes
  leftcert=/server-secrets/self_cert.pem
  leftsubnet={% for subnet in push %}{{ subnet }},{% endfor %}
  leftupdown=/helpers/updown.py
  right=%any
  rightsourceip={{ slot4 }}{% if slot6 %},{{ slot6 }}{% endif %}
  ike={{ strongswan_ike }}!
  esp={{ strongswan_esp }}!