| # Search locations used by racoon: the directory holding certificate files |
| # and the file holding pre-shared keys. |
| # racoon expects the PSK file to be owned by the user it runs as and not |
| # accessible by anyone else; keep it at mode 0600. |
| # NOTE(review): the remote section below authenticates with hybrid_rsa_client, |
| # so the PSK file may be unused for that peer - confirm before keeping secrets in it. |
| path certificate "/etc/openssl/certs"; |
| path pre_shared_key "/etc/racoon/psk.txt"; |
| |
| # Admin socket used by racoonctl: path, owner, group, octal mode. |
| # Mode 0660 with group "operator" lets every member of that group drive the |
| # daemon (racoon's default mode is 0600, owner-only). |
| # Keep the group small and audit its membership, or drop back to 0600. |
| listen { |
| adminsock "/var/racoon/racoon.sock" "root" "operator" 0660; |
| } |
| |
| # Phase 1 (IKEv1) settings for the VPN gateway at 192.0.2.50. |
| # This host acts as a hybrid-auth client: the gateway proves itself with an |
| # RSA certificate, and mode_cfg pulls the tunnel's network settings from it. |
| remote 192.0.2.50 { |
| # Aggressive mode exchanges identities without encryption; an on-path |
| # observer can read them. Prefer main mode if the gateway supports it. |
| exchange_mode aggressive; |
| # CA certificate used to validate the gateway's certificate. |
| # NOTE(review): verify_identifier is not set here and racoon's default is off; |
| # consider verify_identifier plus peers_identifier so that any certificate |
| # issued by this CA is not automatically accepted as the gateway - confirm. |
| ca_type x509 "root-ca.crt"; |
| proposal_check strict; |
| nat_traversal on; |
| ike_frag on; |
| mode_cfg on; |
| # Hook scripts run by racoon when phase 1 comes up or goes down. |
| # They run with the daemon's privileges: keep them root-owned and not |
| # writable by others, and have them validate the gateway-supplied values |
| # racoon hands over in the environment before using them in commands. |
| script "/etc/racoon/phase1-up.sh" phase1_up; |
| script "/etc/racoon/phase1-down.sh" phase1_down; |
| passive off; |
| # Phase 1 proposal. The values must match what the gateway offers, so any |
| # strengthening has to be done on both ends together. |
| proposal { |
| encryption_algorithm aes; |
| # SHA-1 is deprecated; move to sha256 or stronger where both ends support it. |
| hash_algorithm sha1; |
| authentication_method hybrid_rsa_client; |
| # Group 2 is 1024-bit MODP, below current minimum recommendations; |
| # prefer group 14 (2048-bit) or larger where both ends support it. |
| dh_group 2; |
| } |
| } |
| |
| |
| # Phase 2 (IPsec SA) parameters. "anonymous" is the catch-all section, used |
| # for any peer that has no more specific sainfo entry. |
| sainfo anonymous { |
| # PFS with group 2 (1024-bit MODP) is below current minimum recommendations; |
| # prefer group 14 or larger where the gateway supports it. |
| pfs_group 2; |
| lifetime time 1 hour; |
| encryption_algorithm aes; |
| # HMAC-SHA1 is a legacy integrity choice; use hmac_sha256 where both ends support it. |
| authentication_algorithm hmac_sha1; |
| compression_algorithm deflate ; |
| } |