gw-gw {
      # UK
      local_addrs  = 57.128.171.43
      # DE
      remote_addrs = 135.125.133.51

#      vips = 172.16.1.243
       vips = 0.0.0.0

#      pools = v4_vps-de

      local {
         auth = pubkey
         pubkeys = vps_uk-PubKey-ed25519.pem
#         certs = vps_uk-Cert-ed25519-sign_ca-ed25519.pem
#        certs = vps_uk-Cert-dilithium5-sign_ca-falcon1024.pem
         id = vps.uk.ipv10.net
      }
      remote {
         auth = pubkey
         pubkeys = vps_de-PubKey-ed25519.pem
#         certs = vpsCert-dilithium5-sign_ca-falcon1024.pem
         id = vps.zw3b.eu
      }
      children {
         net-net {
#            local_ts  = 10.171.43.0/24
#            remote_ts = 10.133.51.0/24

#            updown = /usr/local/libexec/ipsec/_updown iptables
#            esp_proposals = aes128gcm128-ecp256
            esp_proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
         }
      }
      version = 2
      mobike = no
#      proposals = aes128-sha256-ecp256
      proposals = aes256-sha256-x25519-ke1_kyber3-ke1_frodoa3-ke2_bike3-ke2_hqc3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
}