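# racoon.conf - IKEv1 / XAuth road-warrior responder.
# '#' comments run to end of line, so each directive must sit on its own line
# (the "IP of gentoo box" comment must not swallow the isakmp_natt directive).

log notify;
path certificate "/etc/racoon/ssl";
path pre_shared_key "/etc/racoon/psk.txt";      # holds the XAuth group PSKs; keep root-readable only

listen {
    isakmp 10.1.1.1 [500];          #IP of gentoo box
    isakmp_natt 10.1.1.1 [4500];    # NAT-T (UDP-encapsulated IKE/ESP) on the same address
}

# Any peer may connect; the peer is authenticated by XAuth + PSK below,
# not by its IKE identifier (verify_identifier is off).
remote anonymous {
    # Aggressive mode with PSK is weaker than main mode; keep "aggressive"
    # only while clients require it, otherwise restrict to "main".
    exchange_mode main,aggressive;
    my_identifier fqdn "linuxvpn.example.com";
    verify_identifier off;                          # remote ID is not checked (anonymous peers)
    certificate_type x509 "cert.pem" "key.pem";     # relative to "path certificate"
    ca_type x509 "ca.crt";
    ike_frag on;                                    # use IKE fragmentation
    proposal_check claim;
    passive on;                                     # responder only; never initiates
    support_proxy on;
    generate_policy on;                             # automatically generate IPsec policies
    nat_traversal on;                               # always use NAT-T
    dpd_delay 20;                                   # DPD poll every 20 seconds
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;                        # legacy; prefer sha256 once clients support it
        authentication_method xauth_psk_server;
        # authentication_method xauth_rsa_server;
        dh_group 2;                                 # 1024-bit MODP; weak by current standards
    }
}

sainfo anonymous {
    pfs_group 2;                                    # same weak group as phase 1; raise together
    lifetime time 1 hour;
    encryption_algorithm aes, 3des;                 # 3des kept for old clients only
    authentication_algorithm hmac_sha1,hmac_md5;    # hmac_md5 kept for old clients only
    compression_algorithm deflate;
}

mode_cfg {
    auth_source pam;                                # XAuth user/password is checked via PAM
    pool_size 25;                                   # client addresses from network4 onward
    network4 10.2.0.2;
    netmask4 255.255.255.0;
    dns4 10.1.1.1;
    wins4 10.1.1.1;
    default_domain "intern.example.com";
    split_dns "intern.example.com";                 # fixed: was "intern.examplecom" (missing dot), did not match default_domain
    split_network include 10.1.0.0/16;
    banner "/etc/racoon/motd";
    pfs_group 2;
}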