# Directory searched for certificate files that are referenced by bare file
# name elsewhere in this file (for example the CA named by ca_type in the
# remote section).
path certificate "/etc/openssl/certs";
# Pre-shared-key file. The only proposal visible in this file uses
# hybrid_rsa_client rather than a PSK method, so whether this file is still
# consulted cannot be told from here -- confirm before removing the line.
# The file holds secrets: keep it owned by the account racoon runs as and
# unreadable by group and other.
path pre_shared_key "/etc/racoon/psk.txt";
listen {
    # Local control socket used by racoonctl(8): path, owner, group, mode.
    # Mode 0660 lets every member of group "operator" drive the daemon
    # without being root, so membership of that group is effectively a
    # VPN-control privilege and should be reviewed as one.
    adminsock "/var/racoon/racoon.sock" "root" "operator" 0660;
}
# Phase 1 (IKE) settings for the VPN gateway at 192.0.2.50.
remote 192.0.2.50 {
    # --- Negotiation behaviour -------------------------------------------
    # Aggressive mode uses fewer messages than main mode but exchanges the
    # identities unencrypted. NOTE(review): presumably chosen because the
    # gateway requires it for this hybrid/Xauth setup -- confirm, and prefer
    # main mode if the peer accepts it.
    exchange_mode aggressive;
    # This side is allowed to initiate the negotiation.
    passive off;
    # Strict comparison of the peer's proposal against ours; see
    # racoon.conf(5) for the exact lifetime and PFS rules.
    proposal_check strict;

    # --- Gateway authentication ------------------------------------------
    # CA certificate (resolved against "path certificate") used to validate
    # the gateway's certificate. With hybrid_rsa_client the gateway
    # certificate is the only cryptographic proof of the peer's identity
    # before the user's credentials are sent, so this should be a CA
    # dedicated to the VPN rather than a broad public bundle, and
    # certificate verification should stay enabled.
    ca_type x509 "root-ca.crt";

    # --- Transport and client configuration ------------------------------
    nat_traversal on;
    ike_frag on;
    # Accept configuration (ISAKMP mode config) pushed by the gateway.
    mode_cfg on;

    # --- Hook scripts ----------------------------------------------------
    # Run by racoon when phase 1 comes up or goes down, with racoon's
    # privileges. Keep both files root-owned and not writable by group or
    # other. Values the gateway supplied reach the scripts through the
    # environment and should be validated there before they are used in
    # route, address or resolver changes.
    script "/etc/racoon/phase1-up.sh" phase1_up;
    script "/etc/racoon/phase1-down.sh" phase1_down;

    # --- Phase 1 proposal ------------------------------------------------
    proposal {
        # No key length is given, so racoon's default AES key size applies.
        encryption_algorithm aes;
        # NOTE(review): SHA-1 and DH group 2 (1024-bit MODP) are below
        # current recommendations. If the gateway supports them, move both
        # ends together to sha256 and dh_group 14 or higher; a one-sided
        # change makes phase 1 fail.
        hash_algorithm sha1;
        # Gateway authenticates with an RSA certificate; the client
        # authenticates afterwards with Xauth user credentials.
        authentication_method hybrid_rsa_client;
        dh_group 2;
    }
}
# Phase 2 (IPsec SA) parameters. "anonymous" is the fallback entry used for
# any phase 2 negotiation that no more specific sainfo section matches.
sainfo anonymous {
    # Rekey at least hourly.
    lifetime time 1 hour;

    # A fresh Diffie-Hellman exchange for every phase 2 SA (PFS).
    # NOTE(review): group 2 is 1024-bit MODP; raise it together with the
    # phase 1 dh_group once the gateway side allows it.
    pfs_group 2;

    encryption_algorithm aes;
    # NOTE(review): HMAC-SHA1 matches the phase 1 hash choice; consider
    # hmac_sha256 if the peer offers it.
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}