+++ /dev/null
-path certificate "/etc/openssl/certs";
-
-listen {
- adminsock disabled;
-}
-
-remote anonymous {
- exchange_mode aggressive;
- certificate_type x509 "server.crt" "server.key";
- my_identifier asn1dn;
- proposal_check obey;
- generate_policy on;
- nat_traversal on;
- dpd_delay 20;
- ike_frag on;
- script "/etc/racoon/phase1-down.sh" phase1_down;
- proposal {
- encryption_algorithm 3des;
- hash_algorithm sha1;
- authentication_method hybrid_rsa_server;
- dh_group 2;
- }
-}
-
-mode_cfg {
- network4 10.99.99.0;
- pool_size 255;
- netmask4 255.255.255.0;
- auth_source system;
- dns4 10.0.12.1;
- wins4 10.0.12.1;
- banner "/etc/racoon/motd";
-}
-
-sainfo anonymous {
- pfs_group 2;
- lifetime time 12 hour;
- encryption_algorithm 3des, cast128, blowfish 448;
- authentication_algorithm hmac_sha1;
- compression_algorithm deflate;
-}
-