# Append this to the end of racoon.conf.
#
# Responder-side IKEv1 configuration for one fixed peer (192.168.2.20),
# authenticated with a pre-shared key. The key itself is not in this file;
# racoon reads it from the file named by "path pre_shared_key".

remote 192.168.2.20 {
    # Main mode with address identifiers on both sides.
    exchange_mode main;
    my_identifier address;
    peers_identifier address;
    situation identity_only;

    # Certificate handling is switched off; authentication relies solely
    # on the pre-shared key selected in the proposal below.
    send_cert off;
    send_cr off;
    verify_cert off;

    # Never initiate; only answer negotiations started by the peer.
    passive on;

    # NOTE(review): with generate_policy on, a responder that has no
    # matching SPD entry installs policy taken from the initiator's
    # proposal. Prefer static SPD entries for a fixed site-to-site peer
    # and confirm this setting is really needed.
    generate_policy on;

    # Accepted values: obey, strict or claim ("obey" was the alternative
    # the author left disabled).
    proposal_check strict;

    # Phase 1 (ISAKMP SA) proposal.
    proposal {
        # Alternatives the author left disabled: 3des, blowfish 128,
        # cast128, rijndael (default key length). The author's note
        # marks twofish as "NOT_twofish".
        encryption_algorithm rijndael 256;

        # Alternatives left disabled: sha1, sha2_512.
        hash_algorithm sha2_256;

        authentication_method pre_shared_key;

        # Alternatives left disabled: 2, modp3072, modp4096.
        dh_group modp2048;
    }
}

# Phase 2 (IPsec SA) parameters for traffic between the two subnets.
sainfo address 10.1.23.0/24 any address 10.1.20.0/24 any {
    # NOTE(review): this PFS group is smaller than the modp2048 group used
    # in phase 1; the author left "pfs_group modp2048" disabled. Both ends
    # must be changed together if it is raised.
    pfs_group modp1536;

    lifetime time 28800 sec;

    # NOTE(review): blowfish, cast128 and 3des are legacy 64-bit-block
    # ciphers. Once the peer is confirmed to support it, narrowing this
    # list to rijndael is the safer choice.
    # (Author's note: "NOT_twofish".)
    encryption_algorithm blowfish 128, cast128, rijndael, 3des;

    # NOTE(review): hmac_md5 is accepted here. The author's disabled
    # alternative was: hmac_sha1, hmac_sha2_256, hmac_sha2_512.
    authentication_algorithm hmac_sha1, hmac_md5;

    compression_algorithm deflate;
}