# Racoon IKE daemon configuration file. # See 'man racoon.conf' for a description of the format and entries. path include "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; sainfo anonymous { pfs_group 2; lifetime time 1 hour ; encryption_algorithm 3des, blowfish 448, rijndael ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algorithm deflate ; } remote anonymous { exchange_mode main,aggressive; doi ipsec_doi; situation identity_only; my_identifier asn1dn; certificate_type x509 "my.cert.pem" "my.key.pem"; nonce_size 16; initial_contact on; proposal_check obey; # obey, strict, or claim proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group 2; } }