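# racoon IKE daemon configuration: one certificate-authenticated peer
# (192.168.0.200) and a catch-all phase 2 policy.
#
# One directive per line. When the file is collapsed onto a single line, the
# '#' in front of the disabled pre_shared_key path comments out every
# directive that follows it.

# Search paths for included files and for certificate / key files.
path include "/usr/local/etc/racoon" ;
# Pre-shared keys are disabled; the peer below authenticates with RSA signatures.
#path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
path certificate "/usr/local/etc/cert" ;
# NOTE(review): the private key named below is loaded from this directory;
# confirm the directory and the key file are readable by root only.

# NOTE(review): debug logging is verbose and records negotiation detail;
# presumably left on from bring-up -- lower it once the tunnel is stable.
log debug;

# Phase 1 (ISAKMP SA) parameters for the single configured peer.
remote 192.168.0.200
{
	# The first mode listed is used when initiating; the others are accepted
	# when responding.
	# NOTE(review): aggressive mode does not protect the identities exchanged;
	# drop it unless the peer can only initiate that way.
	exchange_mode main,aggressive;
	lifetime time 28800 sec;	# sec,min,hour
	initial_contact off;

	# Local certificate and private key, looked up under "path certificate".
	certificate_type x509 "cert_spica.key" "priv_spica.key";
	# Identify ourselves by the subject DN of the local certificate.
	my_identifier asn1dn ;
	# Peer certificate is taken from a local file rather than trusted as
	# received, so phase 1 is pinned to this one certificate.
	peers_certfile "cert_swan.key";

	proposal {
		# NOTE(review): 3des/sha1 with dh_group 2 (1024-bit MODP) is a dated
		# suite; raise the group and cipher if both ends support it.
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig ;
		dh_group 2 ;
	}
}

# Phase 2 (IPsec SA) policy applied to any traffic selector.
sainfo anonymous
{
	# PFS uses the same 1024-bit group as phase 1.
	pfs_group 2;
	lifetime time 12 hour ;
	# NOTE(review): single des (56-bit key) and hmac_md5 are still in the
	# offered set; confirm the peer needs them, otherwise remove them so
	# they cannot be negotiated.
	encryption_algorithm 3des,cast128,des ;
	authentication_algorithm hmac_sha1,hmac_md5;
	compression_algorithm deflate ;
}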