path certificate "/etc/openssl/certs";
listen {
adminsock disabled;
}
remote anonymous {
exchange_mode aggressive;
certificate_type x509 "server.crt" "server.key";
my_identifier asn1dn;
proposal_check strict;
generate_policy on;
nat_traversal on;
dpd_delay 20;
ike_frag on;
proposal {
encryption_algorithm aes;
hash_algorithm sha1;
authentication_method hybrid_rsa_server;
dh_group 2;
}
}
mode_cfg {
network4 10.99.99.0;
pool_size 255;
netmask4 255.255.255.0;
auth_source system;
dns4 10.0.12.1;
wins4 10.0.12.1;
banner "/etc/racoon/motd";
pfs_group 2;
}
sainfo anonymous {
pfs_group 2;
lifetime time 1 hour;
encryption_algorithm aes;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}