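# racoon IKEv1 responder configuration for roaming clients. The gateway proves
# its identity with an X.509 certificate (hybrid_rsa_server); clients are
# authenticated afterwards through Xauth against RADIUS (see mode_cfg).
# The listing's fused line-number gutter has been stripped so the file parses.

# Directory in which the certificate and key files named below are looked up.
# server.key is the gateway's private key: keep it readable only by the
# account racoon runs as.
path certificate "/etc/openssl/certs";

listen {
	# No admin socket, so racoonctl cannot query or control the daemon.
	adminsock disabled;
}

# Phase 1 parameters for every peer that has no more specific remote block.
remote anonymous {
	# NOTE(review): aggressive mode sends the identities unprotected, and with
	# hybrid authentication the client is not authenticated in phase 1 at all.
	# Client access control rests entirely on the Xauth step configured in
	# mode_cfg.
	exchange_mode aggressive;
	certificate_type x509 "server.crt" "server.key";
	# No value given: the identifier is the subject DN of the certificate.
	my_identifier asn1dn;
	# The peer's phase 2 lifetime and PFS group are compared with the local
	# values instead of being accepted as offered.
	proposal_check strict;
	# NOTE(review): SPD entries are generated from the initiator's phase 2
	# proposal, so the traffic selectors come from the client. Confirm that
	# packet filtering bounds what a connected client can reach.
	generate_policy on;
	nat_traversal on;
	# Dead peer detection: 20 seconds between liveness requests.
	dpd_delay 20;
	ike_frag on;
	proposal {
		# No key length is given; presumably the default AES key size applies.
		# TODO confirm.
		encryption_algorithm aes;
		# NOTE(review): SHA-1 and DH group 2 (1024-bit MODP) are legacy
		# choices. If every supported client allows it, prefer
		# "hash_algorithm sha256" and "dh_group 14" (modp2048) or larger.
		hash_algorithm sha1;
		authentication_method hybrid_rsa_server;
		dh_group 2;
	}
}

# Settings pushed to clients through ISAKMP mode config, and the Xauth backends.
mode_cfg {
	pool_size 255;
	# Xauth credentials are checked against RADIUS. This is the only client
	# authentication in this setup, so password policy, lockout and logging
	# on the RADIUS side are part of the VPN's security.
	auth_source radius;
	# Client addresses and accounting records are handled by RADIUS as well.
	conf_source radius;
	accounting radius;
	# Internal DNS and WINS servers handed to every client.
	dns4 10.0.12.1;
	wins4 10.0.12.1;
	# File whose contents are shown to the client after login.
	banner "/etc/racoon/motd";
	# PFS group announced to clients; keep it equal to pfs_group in sainfo.
	pfs_group 2;
}

# Phase 2 (IPsec SA) parameters for any peer.
sainfo anonymous {
	# NOTE(review): group 2 is 1024-bit MODP. If it is raised, change the
	# mode_cfg pfs_group to the same value.
	pfs_group 2;
	lifetime time 1 hour;
	encryption_algorithm aes;
	# NOTE(review): hmac_sha256 is the stronger alternative where clients
	# support it.
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}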