fritz

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "fritz-strongswan";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 10.84.252.162;
                local_virtualip = 0.0.0.0;
                remoteip = 10.84.252.33;
                remote_virtualip = 0.0.0.0;
                localid {
                       ipaddr = 10.84.252.162;
                }
                remoteid {
                       ipaddr = 10.84.252.33;
                }
                mode = phase1_mode_idp;    
                phase1ss = "alt/aes/sha";
                keytype = connkeytype_pre_shared;
                key = "suxer";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 10.83.42.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 10.83.33.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-3des-sha/ah-no/comp-no/pfs";
                accesslist = "permit ip any 10.83.33.0 255.255.255.0";
        }  ike_forward_rules =  "udp 0.0.0.0:500 0.0.0.0:500",
        "udp 0.0.0.0:4500 0.0.0.0:4500";
        }

strongswan

• ipsec.conf

conn s2f
     authby=secret
     keyexchange=ikev1
     left=10.84.252.33
     leftsubnet=10.83.33.0/24
     right=10.84.252.162
     rightsubnet=10.83.42.0/24
     ike=aes-sha1-modp1024
     esp=3des-sha1-modp1024
     ikelifetime=3h
     keylife=1h
     auto=route

• ipsec.secrets

10.84.252.33 10.84.252.162 : PSK "suxer"