anonymous.conf   [plain text]


remote anonymous
{
        #exchange_mode main,aggressive;
        exchange_mode aggressive,main;
        doi ipsec_doi;
        situation identity_only;

        #my_identifier address;
        my_identifier user_fqdn "macuser@localhost";
        peers_identifier user_fqdn "macuser@localhost";
        #certificate_type x509 "mycert" "mypriv";

        nonce_size 16;
        lifetime time 1 min;    # sec,min,hour
        initial_contact on;
        support_mip6 on;
        proposal_check obey;    # obey, strict or claim

        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }
}

sainfo anonymous
{
	pfs_group 1;
	lifetime time 30 sec;
	encryption_algorithm aes, 3des ;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate ;
}