--- /dev/null
+path certificate "/etc/openssl/certs";
+path pre_shared_key "/etc/racoon/psk.txt";
+
+listen {
+ adminsock "/var/racoon/racoon.sock" "root" "operator" 0660;
+}
+
+remote 192.0.2.50 {
+ exchange_mode aggressive;
+ ca_type x509 "root-ca.crt";
+ proposal_check obey;
+ nat_traversal on;
+ ike_frag on;
+ mode_cfg on;
+ script "/etc/racoon/phase1-up.sh" phase1_up;
+ script "/etc/racoon/phase1-down.sh" phase1_down;
+ passive off;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method hybrid_rsa_client;
+ dh_group 2;
+ }
+}
+
+
+sainfo anonymous {
+ pfs_group 2;
+ lifetime time 12 hour ;
+ encryption_algorithm 3des, cast128, blowfish 448;
+ authentication_algorithm hmac_sha1;
+ compression_algorithm deflate ;
+}