--- /dev/null
+path certificate "/etc/openssl/certs";
+
+listen {
+ adminsock disabled;
+}
+
+remote anonymous {
+ exchange_mode aggressive;
+ certificate_type x509 "server.crt" "server.key";
+ my_identifier asn1dn;
+ proposal_check obey;
+ generate_policy on;
+ nat_traversal on;
+ dpd_delay 20;
+ ike_frag on;
+ script "/etc/racoon/phase1-down.sh" phase1_down;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method hybrid_rsa_server;
+ dh_group 2;
+ }
+}
+
+mode_cfg {
+ network4 10.99.99.0;
+ pool_size 255;
+ netmask4 255.255.255.0;
+ auth_source system;
+ dns4 10.0.12.1;
+ wins4 10.0.12.1;
+ banner "/etc/racoon/motd";
+}
+
+sainfo anonymous {
+ pfs_group 2;
+ lifetime time 12 hour;
+ encryption_algorithm 3des, cast128, blowfish 448;
+ authentication_algorithm hmac_sha1;
+ compression_algorithm deflate;
+}
+
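Review bot: The phase 1 proposal (`encryption_algorithm 3des`, `hash_algorithm sha1`, `dh_group 2`) and the `sainfo anonymous` block (`pfs_group 2`, 3des/cast128/blowfish) limit this new gateway to 1024-bit Diffie-Hellman and 64-bit-block ciphers. That is weak for a responder that accepts any peer under `remote anonymous`, and the 12 hour phase 2 lifetime keeps each such key in use for a long time. If the intended clients support it, I would change the proposal to `encryption_algorithm aes;`, `hash_algorithm sha256;` and `dh_group 14;`, and make the matching change in `sainfo` (`aes` listed first, `hmac_sha256`, `pfs_group 14`) with a shorter lifetime. Separately, `proposal_check obey` makes the responder accept the initiator's lifetime, key length and PFS values, and `generate_policy on` installs policy from the initiator's phase 2 proposal, so `proposal_check strict;` looks like the safer setting unless a client is known to need `obey`. A comment above `exchange_mode aggressive` should state why main mode cannot be used, since aggressive mode does not protect the peer identities.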