racoon.conf revision 1.1.1.1
# racoon (IKEv1) configuration for a responder that accepts any peer,
# authenticates itself with an X.509 certificate, authenticates users with
# Xauth (hybrid mode), and hands out addresses through mode-config.
# NOTE(review): the algorithm choices below are legacy-grade; see the
# per-directive notes before reusing this file.

# Directory searched for the certificate and key files named in
# certificate_type below.
path certificate "/etc/openssl/certs";

listen {
    # No admin socket is opened, so there is no local control channel
    # into the daemon.
    adminsock disabled;
}

# "anonymous" matches every peer that has no more specific remote section.
remote anonymous {
    # Aggressive mode exchanges identities before the channel is encrypted,
    # so the peers' identities are visible on the wire.
    # NOTE(review): prefer main mode if the deployed clients support it.
    exchange_mode aggressive;
    # Server certificate and private key, resolved under "path certificate".
    # NOTE(review): confirm server.key is readable by the racoon user only.
    certificate_type x509 "server.crt" "server.key";
    # Identify with the subject DN taken from the certificate.
    my_identifier asn1dn;
    # "obey" accepts the initiator's lifetime and PFS values as proposed;
    # the client, not this file, decides them.
    # NOTE(review): "strict" or "claim" bound what a client can impose.
    proposal_check obey;
    # SPD entries are generated from the initiator's phase 2 proposal, which
    # is what lets clients with unknown addresses connect.
    # NOTE(review): the traffic selectors are client-supplied; verify that
    # address assignment and filtering constrain what a client can request.
    generate_policy on;
    nat_traversal on;
    # Dead peer detection: 20 seconds between liveness probes.
    dpd_delay 20;
    ike_frag on;
    # Hook run when a phase 1 SA goes down.
    # NOTE(review): presumably runs with racoon's privileges -- keep the
    # script root-owned and not writable by anyone else.
    script "/etc/racoon/phase1-down.sh" phase1_down;
    proposal {
        # 3DES (64-bit block), SHA-1 and DH group 2 (1024-bit MODP) are
        # below current recommendations.
        # NOTE(review): move to AES, a SHA-2 hash and a 2048-bit or larger
        # group where the racoon build and the clients allow it.
        encryption_algorithm 3des;
        hash_algorithm sha1;
        # Hybrid auth: the server proves itself with its RSA certificate,
        # the user is authenticated afterwards through Xauth.
        authentication_method hybrid_rsa_server;
        dh_group 2;
    }
}

# Settings pushed to clients through ISAKMP mode-config.
mode_cfg {
    # Address pool: 255 addresses starting at 10.99.99.0, netmask /24.
    network4 10.99.99.0;
    pool_size 255;
    netmask4 255.255.255.0;
    # Xauth logins are checked against the system account database.
    # NOTE(review): this makes local account passwords VPN credentials;
    # confirm which accounts are meant to have remote access.
    auth_source system;
    dns4 10.0.12.1;
    wins4 10.0.12.1;
    # File whose contents are sent to the client as a login banner.
    banner "/etc/racoon/motd";
}

# Phase 2 (IPsec SA) parameters for any pair of endpoints.
sainfo anonymous {
    # PFS with DH group 2 (1024-bit MODP); same caveat as in phase 1.
    pfs_group 2;
    # Only a time limit is set for the SA.
    # NOTE(review): 12 hours is long for 64-bit block ciphers on a busy
    # tunnel; consider a shorter lifetime.
    lifetime time 12 hour;
    # All three accepted ciphers use a 64-bit block.
    encryption_algorithm 3des, cast128, blowfish 448;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}