| # Directory in which racoon looks up certificate files. It is set to the |
| # filesystem root here, so the relative names used in the remote section |
| # ("ca.crt", "user.crt", "user.key") presumably resolve to /ca.crt, /user.crt |
| # and /user.key -- TODO confirm. A dedicated directory whose private key is |
| # readable only by the racoon user is the safer layout. |
| #path certificate ""; |
| path certificate "/"; |
| |
| # Phase 2 (IPsec SA) parameters; "anonymous" applies them to every peer. |
| # NOTE(review): no pfs_group is set in this section, so phase 2 rekeying does |
| # not require a fresh Diffie-Hellman exchange; add pfs_group if peers allow it. |
| sainfo anonymous { |
| # aes is listed first; 3des (64-bit block size) is also accepted. |
| encryption_algorithm aes, 3des; |
| # hmac_md5 is also accepted; drop it if every peer can negotiate hmac_sha1. |
| authentication_algorithm hmac_sha1, hmac_md5; |
| compression_algorithm deflate; |
| # IPsec SAs expire after one hour. |
| lifetime time 3600 sec; |
| } |
| |
| # Phase 1 (IKE) parameters; "anonymous" applies them to any peer address. |
| remote anonymous { |
| # Main mode only; aggressive mode is not offered. |
| exchange_mode main; |
| doi ipsec_doi; |
| situation identity_only; |
| ike_frag on; |
| # Responder-side option: when no matching SPD entry exists, policy is generated |
| # from the initiator's proposal. NOTE(review): combined with "remote anonymous" |
| # this lets an authenticated peer choose the selectors that get installed; |
| # confirm this is intended. |
| generate_policy on; |
| # Identify ourselves by an ASN.1 distinguished name; with no string given, |
| # presumably the subject DN of user.crt -- TODO confirm. |
| my_identifier asn1dn; |
| nat_traversal on; # always use NAT-T |
| # CA certificate used to validate the peer, and our own certificate / key pair. |
| ca_type x509 "ca.crt"; |
| certificate_type x509 "user.crt" "user.key"; |
| # NOTE(review): the peer's ID payload is not compared with a peers_identifier, |
| # so any certificate that chains to ca.crt is accepted (verify_cert is on). |
| # Use a CA dedicated to this VPN, or set peers_identifier and turn this on. |
| verify_identifier off; |
| verify_cert on; |
| nonce_size 16; |
| initial_contact on; |
| # As responder, accept the initiator's lifetime/PFS values as offered; |
| # "strict" or "claim" would bound them by the local settings. |
| proposal_check obey; |
| |
| # Single phase 1 proposal. NOTE(review): sha1, 3des and dh_group 2 (1024-bit |
| # MODP) are legacy choices; if the racoon build and every peer support them, |
| # prefer aes, sha256 and dh_group 14. |
| proposal { |
| authentication_method rsasig; |
| hash_algorithm sha1; |
| encryption_algorithm 3des; |
| lifetime time 3600 sec; |
| dh_group 2; |
| } |
| } |
| |