| # Directory in which the certificate and key file names used by certificate_type are looked up. |
| # The private key stored here should be readable by root only. |
| path certificate "/etc/openssl/certs"; |
| |
| # Listener settings for the daemon. |
| listen { |
| # Turn off the admin socket (the one racoonctl talks to), so no local control channel is exposed. |
| adminsock disabled; |
| } |
| |
| # Phase 1 (IKE) settings. "anonymous" matches any peer address, which suits roaming clients |
| # but means every source on the network can start a negotiation with this gateway. |
| remote anonymous { |
| # Aggressive mode sends the peer identities unprotected during phase 1. |
| # NOTE(review): switch to main mode if every client supports it. |
| exchange_mode aggressive; |
| # Server certificate and private key, resolved relative to "path certificate". |
| certificate_type x509 "server.crt" "server.key"; |
| # Identify this gateway by the subject DN of its certificate. |
| my_identifier asn1dn; |
| # As responder, never accept a longer lifetime than configured locally and reject a mismatched PFS group. |
| proposal_check strict; |
| # Security policies are created from what the client proposes, since client addresses are not known |
| # in advance; the sainfo section is therefore the only limit on what phase 2 will accept. |
| generate_policy on; |
| nat_traversal on; |
| # Dead peer detection interval in seconds, so stale client sessions get cleaned up. |
| dpd_delay 20; |
| ike_frag on; |
| proposal { |
| encryption_algorithm aes; |
| # SHA-1 and DH group 2 (1024-bit MODP) are legacy-strength choices. |
| # NOTE(review): prefer sha256 and dh_group 14 or higher where the clients allow it. |
| hash_algorithm sha1; |
| # Hybrid auth: the gateway proves itself with its RSA certificate, the user then logs in through Xauth. |
| # Clients must validate the gateway certificate for this to protect the Xauth password. |
| authentication_method hybrid_rsa_server; |
| dh_group 2; |
| } |
| } |
| |
| # Settings pushed to clients through ISAKMP mode config, plus the Xauth login backend. |
| mode_cfg { |
| # Address pool handed out to clients: start address, number of addresses and netmask. |
| network4 10.99.99.0; |
| pool_size 255; |
| netmask4 255.255.255.0; |
| # Xauth logins are checked against the system user database, so any local account with a valid |
| # password can open a tunnel. NOTE(review): consider restricting this with auth_groups. |
| auth_source system; |
| dns4 10.0.12.1; |
| wins4 10.0.12.1; |
| # File whose contents are shown to the user after login. |
| banner "/etc/racoon/motd"; |
| # PFS group announced to the client; keep it equal to pfs_group in the sainfo section. |
| pfs_group 2; |
| } |
| |
| # Phase 2 (IPsec SA) parameters applied to every client. |
| sainfo anonymous { |
| # A fresh DH exchange for each phase 2 SA (perfect forward secrecy). Group 2 is 1024-bit MODP. |
| # NOTE(review): raise to 14 or higher if the clients support it, together with mode_cfg pfs_group. |
| pfs_group 2; |
| # IPsec SAs are rekeyed after one hour. |
| lifetime time 1 hour; |
| encryption_algorithm aes; |
| # Integrity algorithm for the IPsec SAs. |
| authentication_algorithm hmac_sha1; |
| compression_algorithm deflate; |
| } |
| |