# /etc/racoon/racoon.conf
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";

# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
#path certificate "/etc/openssl/certs" ;

# "log" specifies logging level.  It is followed by either "notify", "debug"
# or "debug2".
#log notify;
log debug;

timer
{
  phase1 45 seconds;
  phase2 60 seconds;
}

remote anonymous {
        exchange_mode main, aggressive;
        nat_traversal on;
        generate_policy on;
        proposal_check obey;

        send_cr off;
        send_cert off;

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }

        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }

        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }

}

# phase 2 proposal (for IPsec SA).
# actual phase 2 proposal will obey the following items:
# - kernel IPsec policy configuration (like "esp/transport//use)
# - permutation of the crypto/hash/compression algorithms presented below
sainfo anonymous
{
    pfs_group 2;
    lifetime time 30 minutes;
    encryption_algorithm aes, 3des, cast128, blowfish;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}