# racoon(8) IKEv1 daemon configuration: a passive responder that accepts any
# peer ("remote anonymous") authenticated with a pre-shared key, and generates
# IPsec policy from what the peer proposes in phase 2.

# File holding the pre-shared keys. Every peer matched by the anonymous
# section below authenticates against an entry in this file.
# NOTE(review): racoon expects this file to be owned by the user it runs as
# and not accessible to anyone else - verify ownership and mode on deployment.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

# Most verbose log level.
# NOTE(review): debug output of an IKE daemon may contain hex dumps of
# negotiation payloads and derived keying material; treat the log as sensitive
# and lower the level (e.g. "info") once troubleshooting is finished.
log debug2;

# Padding behaviour for IKE payloads; randomisation and strict peer checks
# are both switched off here.
padding
{
	maximum_length 20;
	randomize off;
	strict_check off;
	exclusive_tail off;
}

# Timer overrides, currently disabled (racoon falls back to its defaults).
#timer
#{
#	natt_keepalive 45 sec;
#	counter 5;
#	interval 10 sec;
#	persend 1;
#	phase1 15 sec;
#	phase2 10 sec;
#}

# Phase 1 (ISAKMP SA) settings applied to every peer that has no more specific
# "remote" section. Because the section is anonymous, the only thing that
# separates an authorised peer from anyone else is knowledge of the PSK.
remote anonymous
{
	# Accepts both main and aggressive mode as responder.
	# NOTE(review): aggressive mode with PSK authentication sends a
	# PSK-derived hash before the peer is authenticated, which allows offline
	# guessing of a weak key. If aggressive mode must stay enabled for
	# dynamic-address clients, use a long random PSK; otherwise prefer
	# main mode only or certificate authentication.
	exchange_mode main, aggressive;

	# "obey": the responder accepts the initiator's phase 2 lifetime / PFS
	# values as proposed instead of enforcing its own.
	# NOTE(review): "strict" or "claim" would keep the peer from choosing
	# weaker values than those configured here - confirm what clients need.
	proposal_check obey;

	support_proxy on;
	nat_traversal on;
	ike_frag on;

	# Dead peer detection: probe interval in seconds (see dpd_retry and
	# dpd_maxfail below for the failure handling).
	dpd_delay 40;

	# Never initiate; only answer incoming negotiations.
	passive on;

	# Install IPsec policy from the selectors the peer sends in phase 2.
	# NOTE(review): with an anonymous remote this means any holder of the PSK
	# can ask for the traffic selectors it wants; constrain with explicit
	# sainfo / SPD entries if the set of client networks is known.
	# NOTE(review): generate_policy is set twice; presumably the later value
	# ("unique") is the effective one - confirm and drop the redundant line.
	generate_policy on;
	generate_policy unique;

	dpd_retry 2;
	dpd_maxfail 2;
#	script "/usr/local/etc/racoon/tear_down.sh" phase1_down;

	# Phase 1 proposals, in order of preference.
	# NOTE(review): modp1024 (DH group 2) and SHA-1 are below current
	# recommendations for new deployments; offer a larger group
	# (e.g. modp2048) and a SHA-2 hash first where the peers support them.
	proposal {
		encryption_algorithm aes;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group modp1024;
	}

	# Fallback proposal for peers without AES.
	# NOTE(review): 3DES is a legacy 64-bit block cipher; keep this proposal
	# only while a peer that cannot do AES still has to connect.
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group modp1024;
	}
}

# Phase 2 (IPsec SA) parameters for any traffic selector pair.
# NOTE(review): same algorithm caveats as phase 1 - 3des, hmac_sha1 and a
# 1024-bit PFS group are retained here only for compatibility.
sainfo anonymous
{
	encryption_algorithm aes,3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
	pfs_group modp1024;
}