# racoon.conf: IKEv1/IPsec configuration for one tunnel to a single peer.
# Phase 1 (ISAKMP) settings are in the "remote" block, phase 2 (IPsec SA)
# settings in "sainfo", and the administrative control socket in "listen".

# Log verbosity; "info" is the normal operational level.
log info;

# Base directory for certificate files. The paths below are absolute, so this
# mainly documents where the key material is kept.
path certificate "/usr/local/etc/ipsec";

# Phase 1 parameters for the peer gateway at 4.3.2.1.
remote 4.3.2.1 {
	# IKEv1 main mode (identity-protection exchange).
	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;

	# Our X.509 certificate and its private key. The key file should be
	# readable only by the account racoon runs as (e.g. root, mode 0600).
	certificate_type x509 "/usr/local/etc/ipsec/myvpncert.pem" "/usr/local/etc/ipsec/myvpnkey.pem";
	# CA certificate used to validate the peer's certificate.
	ca_type x509 "/usr/local/etc/ipsec/company-ca-cert.pem";

	# Identity we present (ID type USER_FQDN) and the identity we require
	# from the peer (ID type FQDN).
	my_identifier user_fqdn "me@company.com";
	peers_identifier fqdn "company-net.company.com";
	# Reject the peer unless the identifier it sends matches peers_identifier.
	# Keep this on: with it off, any certificate issued by the same CA would
	# be accepted for this remote block, not just the intended gateway.
	verify_identifier on;

	# Dead peer detection probe interval, in seconds.
	dpd_delay 180;
	# Not passive: this end is allowed to initiate the negotiation.
	passive off;
	# Require the peer's proposal to agree with ours; see racoon.conf(5) for
	# the exact lifetime-comparison rules that "strict" applies.
	proposal_check strict;

	proposal {
		encryption_algorithm aes256;
		# NOTE(review): SHA-1 as the phase 1 hash/PRF is deprecated;
		# move to sha256 in step with the peer when possible.
		hash_algorithm sha1;
		# Peer authentication by RSA signature using the certificates above.
		authentication_method rsasig;
		# Phase 1 SA lifetime: 2700 s (45 min).
		lifetime time 2700 sec;
		# NOTE(review): modp1536 (DH group 5) is below current guidance
		# (2048-bit MODP or stronger); raise it together with the peer.
		dh_group modp1536;
	}
}

# Phase 2: IPsec SA for traffic between 192.168.2.0/24 and 192.168.1.0/24,
# any protocol and port.
sainfo (address 192.168.2.0/24 any address 192.168.1.0/24 any) {
	# Perfect forward secrecy: a fresh DH exchange per phase 2 SA. Same
	# group-strength caveat as dh_group above.
	pfs_group modp1536;
	# Phase 2 SA lifetime: 2700 s (45 min).
	lifetime time 2700 sec;
	encryption_algorithm aes;
	# NOTE(review): HMAC-SHA1 is still widely deployed for ESP integrity, but
	# prefer hmac_sha256 once both ends support it.
	authentication_algorithm hmac_sha1;
	# IPComp (deflate) before encryption; only useful if the peer offers it.
	compression_algorithm deflate;
}

listen {
	# socket used for communication between racoon and racoonctl
	# Owner root, group operator, mode 0660: every member of "operator" can
	# drive the daemon via racoonctl, so keep that group's membership small.
	adminsock "/var/db/racoon/racoon.sock" "root" "operator" 0660;
}