# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

sainfo anonymous
{
	pfs_group 2;
	lifetime time 1 hour ;
	encryption_algorithm 3des, blowfish 448, rijndael ;
	authentication_algorithm hmac_sha1, hmac_md5 ;
	compression_algorithm deflate ;
}

remote anonymous
{
	exchange_mode main,aggressive;
	doi ipsec_doi;
	situation identity_only;

	my_identifier asn1dn;
	certificate_type x509 "my.cert.pem" "my.key.pem";

	nonce_size 16;
	initial_contact on;
	proposal_check obey;    # obey, strict, or claim

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;
	}
}