rootdir/etc/racoon/racoon.conf - AOSPA/android_system_core - Gitiles

 #path certificate "";
 path certificate "/";

 sainfo anonymous {
    encryption_algorithm aes, 3des;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
    lifetime time 3600 sec;
 }

 remote anonymous {
    exchange_mode main;
    doi ipsec_doi;
    situation identity_only;
    ike_frag on;
    generate_policy on;
    my_identifier asn1dn;
    nat_traversal on; # always use NAT-T
    ca_type x509 "ca.crt";
    certificate_type x509 "user.crt" "user.key";
    verify_identifier off;
    verify_cert on;
    nonce_size 16;
    initial_contact on;
    proposal_check obey;

    proposal {
       authentication_method rsasig;
       hash_algorithm sha1;
       encryption_algorithm 3des;
       lifetime time 3600 sec;
       dh_group 2;
    }
 }
	#path certificate "";
	path certificate "/";

	sainfo anonymous {
	encryption_algorithm aes, 3des;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
	lifetime time 3600 sec;
	}

	remote anonymous {
	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;
	ike_frag on;
	generate_policy on;
	my_identifier asn1dn;
	nat_traversal on; # always use NAT-T
	ca_type x509 "ca.crt";
	certificate_type x509 "user.crt" "user.key";
	verify_identifier off;
	verify_cert on;
	nonce_size 16;
	initial_contact on;
	proposal_check obey;

	proposal {
	authentication_method rsasig;
	hash_algorithm sha1;
	encryption_algorithm 3des;
	lifetime time 3600 sec;
	dh_group 2;
	}
	}