path pre_shared_key "/etc/racoon/psk.txt"; # adresse publique de la GW distante remote 172.16.0.2 { proposal { encryption_algorithm aes; hash_algorithm sha1; authentication_method pre_shared_key; dh_group modp1024; } verify_identifier on; peers_identifier address; exchange_mode main; } # communication LAN-to-LAN sainfo address 192.168.0.0/24 [any] any address 10.0.0.0/24 [any] any { pfs_group modp1024; encryption_algorithm aes,3des; authentication_algorithm hmac_sha1,hmac_md5; compression_algorithm deflate; }