/etc/ipsec.conf
conn vpn-sophos-xg
authby=secret
keyexchange=ikev2
left=10.85.21.6
leftid = 10.85.21.6
leftsubnet="192.168.1.0/24"
leftauth = psk
rightauth = psk
right=10.85.21.4
rightid=10.85.21.4
rightsubnet="192.168.4.0/24"
ike=aes256-sha256-modp4096!
esp=aes256-sha256-modp4096!
ikelifetime=28800s
lifetime=3600s
auto=add
conn vpn-sophos-xg-nat
authby=secret
keyexchange=ikev2
left=10.85.21.6
leftid = 10.85.21.6
leftsubnet="192.168.1.0/24"
leftauth = psk
rightauth = psk
right=10.85.21.4
rightid=10.85.21.4
rightsubnet="192.168.88.0/24"
ike=aes256-sha256-modp4096!
esp=aes256-sha256-modp4096!
ikelifetime=28800s
lifetime=3600s
auto=add
conn vpn-sophos-xg-nat-dyn
authby=secret
keyexchange=ikev2
left=%defaultroute
leftid = @ulubu.lab.intra
leftsubnet="192.168.1.0/24"
leftauth = psk
rightauth = psk
right=10.85.21.4
rightid=10.85.21.4
rightsubnet="192.168.99.0/24"
ike=aes256-sha256-modp4096!
esp=aes256-sha256-modp4096!
ikelifetime=28800s
lifetime=3600s
auto=add
/etc/ipsec.secrets
10.85.21.4 10.85.4.6 : PSK 012345-Hilde-Becker$$