path certificate "/etc/openssl/certs";
path pre_shared_key "/etc/racoon/psk.txt";

listen {
	adminsock "/var/racoon/racoon.sock" "root" "operator" 0660;
}

remote 192.0.2.50 {
        exchange_mode aggressive;
	ca_type x509 "root-ca.crt";
        proposal_check strict;
	nat_traversal on;
	ike_frag on;
	mode_cfg on;
	script "/etc/racoon/phase1-up.sh" phase1_up;
	script "/etc/racoon/phase1-down.sh" phase1_down;
	passive off;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method hybrid_rsa_client;
                dh_group 2;
        }
}


sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}