# racoon (IKEv1) configuration: one listening address, raw-RSA-key
# authentication in phase 1, PFS required in phase 2.

# Privilege separation: the unprivileged instance runs as racoon:racoon
# inside the chroot below.
# NOTE(review): files the unprivileged instance opens itself (random
# devices, peer public keys) have to be reachable inside the chroot tree;
# confirm against racoon.conf(5) and the deployed directory layout.
privsep {
    user "racoon";
    group "racoon";
    chroot "/var/lib/racoon/chroot";
}

# Base directory for key/certificate file names given without a leading
# path (here: "orionis.pub").
path certificate "/etc/racoon/certs";

# Directory for hook scripts. No `script` statement appears in this file,
# so nothing here references it.
# NOTE(review): if it stays configured, keep it writable by root only.
path script "/etc/racoon/script";

# Bind IKE to this single address rather than every interface.
listen {
    isakmp 10.50.0.89;
}

# `anonymous` applies to any peer address that has no more specific
# `remote` section. Peer authentication therefore rests entirely on the
# pinned public key named in peers_certfile.
remote anonymous {
    exchange_mode main;
    nat_traversal off;

    # Raw RSA keys, no X.509: there is no expiry, chain validation or
    # revocation. Rotating or withdrawing a key means replacing the key
    # files on both ends.
    # NOTE(review): the private key file should be readable by root only;
    # verify ownership and mode on the host.
    certificate_type plain_rsa "/etc/racoon/subaru.priv";
    peers_certfile plain_rsa "orionis.pub";

    # Phase 1 (ISAKMP SA) proposal.
    # NOTE(review): blowfish is a 64-bit-block cipher; moving to aes needs
    # a coordinated change on the peer, so it is only flagged here.
    proposal {
        encryption_algorithm blowfish;
        hash_algorithm sha256;
        authentication_method rsasig;
        dh_group modp2048;
    }
}

# Phase 2 (IPsec SA) parameters for every negotiation, since no sainfo
# section with explicit identities is defined.
sainfo anonymous {
    # Fresh DH exchange per phase 2 SA (perfect forward secrecy).
    pfs_group modp2048;

    # Time-based rekey only; no byte-count limit is configured here.
    # NOTE(review): if blowfish is the cipher selected, a busy tunnel
    # carries a lot of data under one 64-bit-block key in 12 hours;
    # consider dropping blowfish from the list or shortening the lifetime.
    lifetime time 12 hour;

    encryption_algorithm blowfish, twofish, camellia, aes;
    authentication_algorithm hmac_sha256, hmac_sha384, hmac_sha512;
    compression_algorithm deflate;
}