xref: /external/ipsec-tools/src/racoon/samples/roadwarrior/server/racoon.conf

path certificate "/etc/openssl/certs";

listen {
	adminsock disabled;
}

remote anonymous {
	exchange_mode aggressive;
	certificate_type x509 "server.crt" "server.key";
	my_identifier asn1dn;
	proposal_check strict;
	generate_policy on;
	nat_traversal on;
	dpd_delay 20;
	ike_frag on;
	proposal {
		encryption_algorithm aes;
		hash_algorithm sha1;
		authentication_method hybrid_rsa_server;
		dh_group 2;
	}
}

mode_cfg {
	network4 10.99.99.0;
	pool_size 255;
	netmask4 255.255.255.0;
	auth_source system;
	dns4 10.0.12.1;
	wins4 10.0.12.1;
	banner "/etc/racoon/motd";
	pfs_group 2;
}

sainfo anonymous {
	pfs_group 2;
	lifetime time 1 hour;
	encryption_algorithm aes;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}