path certificate "/etc/openssl/certs"; listen { adminsock disabled; } remote anonymous { exchange_mode aggressive; certificate_type x509 "server.crt" "server.key"; my_identifier asn1dn; proposal_check strict; generate_policy on; nat_traversal on; dpd_delay 20; ike_frag on; proposal { encryption_algorithm aes; hash_algorithm sha1; authentication_method hybrid_rsa_server; dh_group 2; } } mode_cfg { network4 10.99.99.0; pool_size 255; netmask4 255.255.255.0; auth_source system; dns4 10.0.12.1; wins4 10.0.12.1; banner "/etc/racoon/motd"; pfs_group 2; } sainfo anonymous { pfs_group 2; lifetime time 1 hour; encryption_algorithm aes; authentication_algorithm hmac_sha1; compression_algorithm deflate; }