config setup
        charondebug="all"
        strictcrlpolicy=no
        uniqueids=yes
conn server
        type=tunnel
        auto=start
        keyexchange=ikev2
        authby=pubkey
        left=<server static IP address>
        leftcert=server.cert.pem
        ike=aes256-sha1-modp1024!
        esp=aes256-sha1!
        aggressive=no
        keyingtries=%forever
        ikelifetime=28800s
        lifetime=3600s
        dpddelay=30s
        dpdtimeout=120s
        dpdaction=restart
        rightsourceip=<virtual IP subnet for clients>