path certificate "/etc/openssl/certs";

listen {
	adminsock disabled;
}

remote anonymous {
	exchange_mode aggressive;
	certificate_type x509 "server.crt" "server.key";
	my_identifier asn1dn;
	proposal_check obey;
	generate_policy on;
	nat_traversal on;
	dpd_delay 20;
	ike_frag on;
	script "/etc/racoon/phase1-down.sh" phase1_down;
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method hybrid_rsa_server;
		dh_group 2;
	}
}

mode_cfg {
	network4 10.99.99.0;
	pool_size 255;
	netmask4 255.255.255.0;  
	auth_source system;
	dns4 10.0.12.1;
	wins4 10.0.12.1;
	banner "/etc/racoon/motd";
}	       
		
sainfo anonymous {
	pfs_group 2;
	lifetime time 12 hour;
	encryption_algorithm 3des, cast128, blowfish 448;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}