diff --git a/config.cfg b/config.cfg
index 06917655..792aae70 100644
--- a/config.cfg
+++ b/config.cfg
@@ -52,14 +52,6 @@ strongswan_enabled_plugins:
 - stroke
 - x509
-ipsec_config:
- dpdaction: 'clear'
- dpddelay: '35s'
- rekey: 'no'
- keyexchange: 'ikev2'
- compress: 'yes'
- fragmentation: 'yes'
-
 ec2_vpc_nets:
 cidr_block: 172.251.0.0/23
 subnet_cidr: 172.251.1.0/24
diff --git a/roles/vpn/templates/client_ipsec.conf.j2 b/roles/vpn/templates/client_ipsec.conf.j2
index 2e97c36b..32a71f79 100644
--- a/roles/vpn/templates/client_ipsec.conf.j2
+++ b/roles/vpn/templates/client_ipsec.conf.j2
@@ -1,7 +1,10 @@
 conn ikev2-{{ IP_subject_alt_name }}
-{% for key, value in ipsec_config.iteritems() %}
- {{ key }}={{ value }}
-{% endfor %}
+ fragmentation=yes
+ rekey=no
+ dpdaction=clear
+ keyexchange=ikev2
+ compress=yes
+ dpddelay=35s
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
 ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
diff --git a/roles/vpn/templates/ipsec.conf.j2 b/roles/vpn/templates/ipsec.conf.j2
index 6b60e36e..1b3aa7f5 100644
--- a/roles/vpn/templates/ipsec.conf.j2
+++ b/roles/vpn/templates/ipsec.conf.j2
@@ -3,9 +3,12 @@ config setup
 charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
 conn %default
-{% for key, value in ipsec_config.iteritems() %}
- {{ key }}={{ value }}
-{% endfor %}
+ fragmentation=yes
+ rekey=no
+ dpdaction=clear
+ keyexchange=ikev2
+ compress=yes
+ dpddelay=35s
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
 ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
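Review bot: `rekey=no` and `compress=yes` are added under `conn ikev2-{{ IP_subject_alt_name }}` in roles/vpn/templates/client_ipsec.conf.j2 with no comment saying why, and since this commit also drops the `ipsec_config` map from config.cfg the template is now the only record of these choices. I would add a Jinja comment above each, for example `{# rekey=no: charon does not initiate rekeying from this side; it still answers a rekey started by the peer #}`. The same six literals are added to `conn %default` in roles/vpn/templates/ipsec.conf.j2, so the two copies can drift apart unless each file points at the other or both include a shared fragment. The conn section continues past the end of the hunk.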
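Review bot: `compress=yes` under `conn %default` in roles/vpn/templates/ipsec.conf.j2 becomes a fixed default for every connection in this file, and an operator can no longer turn it off from config.cfg. IPComp compresses before encryption, so packet lengths on the wire vary with how compressible the plaintext is, which is the precondition for compression side channels; whether that matters here depends on the traffic carried, which the diff does not show. I would keep this one setting overridable, e.g. `compress={{ ipsec_compress | default('yes') }}` (the variable name is a suggestion, not an existing one), or set `compress=no` if no supported client depends on it. The conn section continues past the end of the hunk.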