# racoon.conf file for gateway A # path certificate "/etc/racoon/certs"; path pre_shared_key "/etc/racoon/psk.txt"; log notify; listen { isakmp 172.16.72.1 [500]; }; remote 172.16.72.254 { exchange_mode main; generate_policy off; passive off; certificate_type x509 "gateway.a.example.net.cert" "gateway.a.example.net.key"; ca_type x509 "ca-cert.pem"; my_identifier asn1dn; peers_identifier asn1dn; verify_identifier on; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group modp1024; } } sainfo address 192.168.1.0/24 any address 10.42.23.0/24 any { pfs_group modp1024; encryption_algorithm aes; authentication_algorithm hmac_sha1; lifetime time 28800 sec; compression_algorithm deflate; }