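# racoon(8) IKE daemon configuration: two certificate-authenticated peers
# (192.168.1.2 and 192.168.1.5) plus one anonymous phase 2 policy.
#
# Layout note: '#' starts a comment that runs to end of line, so every
# directive must sit on its own line. With the file collapsed onto a single
# line, the first '#' would hide everything after it, including the closing
# braces.

# Search paths.
path include "/usr/local/etc/racoon" ;
# No proposal below uses a pre-shared key (both use rsasig), so this file is
# not consulted by the visible configuration. If it exists it still holds
# secrets: keep it owned by the racoon user and unreadable by anyone else.
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
# Directory in which the certificate and key file names below are looked up.
path certificate "/usr/local/etc/cert.3" ;

log notify;

# ---- Phase 1 (IKE SA) for peer 192.168.1.2 --------------------------------
remote 192.168.1.2
{
	# The first mode listed is used when initiating; as responder every
	# listed mode is accepted.
	# NOTE(review): aggressive mode sends identities unprotected. If no peer
	# needs it, list only "main" - confirm with the peer's configuration.
	exchange_mode main,aggressive;
	lifetime time 28800 sec;	# sec,min,hour
	initial_contact off;

	# Local certificate and private key, shared with the 192.168.1.5 block.
	# The private key file should be readable by the racoon user only.
	certificate_type x509 "cert_spica.key" "priv_spica.key";
	# With no value given, the identifier is taken from the certificate's
	# subject DN.
	my_identifier asn1dn ;
	# Pin the peer to this locally stored certificate; the CERT payload sent
	# by the peer is ignored.
	peers_certfile "cert_swan.key";

	proposal {
		# NOTE(review): 3DES (64-bit block), SHA-1 and DH group 2
		# (1024-bit MODP) are legacy choices. Where this racoon build and
		# the peer both support them, prefer AES, a SHA-2 hash and a
		# 2048-bit or larger group. Both ends must be changed together or
		# phase 1 negotiation will fail.
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig ;
		dh_group 2 ;
	}
}

# ---- Phase 1 (IKE SA) for peer 192.168.1.5 --------------------------------
# Same settings as the 192.168.1.2 block except for the pinned peer
# certificate; the review notes on exchange_mode and the proposal apply here
# as well.
remote 192.168.1.5
{
	exchange_mode main,aggressive;
	lifetime time 28800 sec;	# sec,min,hour
	initial_contact off;

	certificate_type x509 "cert_spica.key" "priv_spica.key";
	my_identifier asn1dn ;
	peers_certfile "cert_swan2.key";

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig ;
		dh_group 2 ;
	}
}

# ---- Phase 2 (IPsec SA) ---------------------------------------------------
# "anonymous" applies to any peer that has no more specific sainfo section.
sainfo anonymous
{
	# NOTE(review): pfs_group 2 is the same 1024-bit MODP group as in phase 1.
	pfs_group 2;
	lifetime time 12 hour ;
	# NOTE(review): single DES (56-bit key) is still offered, so a peer may
	# negotiate it; 3DES and CAST-128 are 64-bit block ciphers. Drop "des"
	# and "hmac_md5" once it is confirmed that no peer depends on them.
	encryption_algorithm 3des,cast128,des ;
	authentication_algorithm hmac_sha1,hmac_md5;
	compression_algorithm deflate ;
}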