# racoon (IKEv1) configuration: one phase 1 peer definition and one phase 2
# sainfo entry for traffic between two /24 networks.

# File holding the pre-shared keys used for phase 1 authentication.
# NOTE(review): keep this file readable only by the account racoon runs as;
# anyone who can read it can impersonate either end of the tunnel.
path pre_shared_key "/etc/racoon/psk.txt";
# Certificate directory. No certificate-based method is configured below
# (authentication_method is pre_shared_key).
path certificate "/etc/racoon/certs";
log notify;

# Phase 1 (IKE SA) parameters for the peer at 172.16.0.1.
remote 172.16.0.1 {
    proposal {
        # No key length is given for aes, so racoon's default applies.
        # TODO confirm it matches what the peer expects.
        encryption_algorithm aes;
        # NOTE(review): SHA-1 is deprecated for new deployments; a SHA-2 hash is
        # preferable if both ends support it.
        hash_algorithm sha1;
        # A shared secret authenticates the peer, so tunnel security depends on
        # the key's entropy and on how psk.txt is protected on both hosts.
        authentication_method pre_shared_key;
        # NOTE(review): modp1024 is a 1024-bit Diffie-Hellman group, generally
        # considered too small today. modp2048 or larger is preferable, but the
        # change has to be made on both peers at once or negotiation will fail.
        dh_group modp1024;
    }
    # Identities exchanged in phase 1. With verify_identifier on, the ID the
    # peer presents is checked against peers_identifier.
    peers_identifier address 172.16.0.1;
    my_identifier address 172.17.0.1;
    # passive off: this host may initiate negotiation, not only respond.
    passive off;
    verify_identifier on;
    lifetime time 30 min;
    # Main mode encrypts the identity exchange. Keep it in preference to
    # aggressive mode when authenticating with a pre-shared key.
    exchange_mode main;
}

# Phase 2 (IPsec SA) parameters for traffic between 10.0.2.0/24 and
# 10.0.1.0/24, any port ([any]) and any upper-layer protocol (any).
# NOTE(review): the matching security policies (SPD entries) are not in this
# file. Verify that they cover exactly these two networks.
sainfo address 10.0.2.0/24[any] any address 10.0.1.0/24[any] any {
    # Perfect forward secrecy: a fresh DH exchange for each phase 2 negotiation.
    # NOTE(review): same 1024-bit group concern as dh_group above.
    pfs_group modp1024;
    encryption_algorithm aes;
    # NOTE(review): consider a SHA-2 based HMAC if both peers support one.
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}