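# racoon.conf for gateway A (A.A.A.A): IKEv1 pre-shared-key tunnels to peers
# B.B.B.B and C.C.C.C, protecting 10.0.1.0/24 <-> 10.0.2.0/24 and
# 10.0.1.0/24 <-> 10.0.3.0/24.
#
# Layout note: '#' starts a comment that runs to the end of the line, so every
# directive sits on its own line here. With the file collapsed onto a single
# line, everything after the first '#' (all remote/sainfo sections) is ignored.

# NOTE(review): "@sysconfdir_x@" looks like an unsubstituted build-time
# placeholder from the sample template; replace it with the real configuration
# directory before use - confirm against the installed layout.
path include "@sysconfdir_x@/racoon";

# File holding the pre-shared keys, one "peer-id key" pair per line.
# racoon.conf(5) requires it to be owned by the user running racoon and not
# accessible by others (e.g. mode 0600).
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

# Not used by the pre_shared_key proposals below; same placeholder caveat as
# "path include".
path certificate "@sysconfdir_x@/cert";

# Empty block: padding options are left at their defaults.
padding
{
}

# Bind IKE to the gateway's own address only, on the standard ISAKMP port.
listen
{
	isakmp A.A.A.A [500];
}

# Negotiation timeouts for each IKE phase.
timer
{
	phase1 30 sec;
	phase2 15 sec;
}

# server B
remote B.B.B.B
{
	# Both ends are identified by IP address; the PSK lookup in psk.txt is
	# therefore keyed on the peer address.
	my_identifier address A.A.A.A;
	peers_identifier address B.B.B.B;

	# Main mode is the only exchange mode offered.
	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;
	nonce_size 16;
	lifetime time 86400 sec;
	initial_contact on;
	support_proxy on;

	# Phase 1 proposal. These values must match the peer's proposal exactly.
	# NOTE(review): sha1 and dh_group 5 (modp1536) are below current
	# recommendations; if this racoon build and the peer both support them,
	# plan a coordinated move to sha256 or stronger and dh_group 14 or higher.
	proposal
	{
		encryption_algorithm aes 256;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 5;
	}
}

# Phase 2 (IPsec SA) parameters for traffic between 10.0.1.0/24 and 10.0.2.0/24.
sainfo subnet 10.0.1.0/24 any subnet 10.0.2.0/24 any
{
	pfs_group 5;
	lifetime time 24 hour;
	encryption_algorithm aes 256;
	# NOTE(review): listing hmac_md5 as an accepted alternative lets a
	# negotiation settle on it; drop it once the peer is confirmed to accept
	# hmac_sha1 (or stronger). Same pfs_group caveat as dh_group above.
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}

# server C
# Same phase 1 parameters as peer B; the review notes there apply here too.
remote C.C.C.C
{
	my_identifier address A.A.A.A;
	peers_identifier address C.C.C.C;

	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;
	nonce_size 16;
	lifetime time 86400 sec;
	initial_contact on;
	support_proxy on;

	proposal
	{
		encryption_algorithm aes 256;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 5;
	}
}

# Phase 2 (IPsec SA) parameters for traffic between 10.0.1.0/24 and 10.0.3.0/24.
# Same algorithm list as the 10.0.2.0/24 sainfo, including the hmac_md5
# fallback flagged there.
sainfo subnet 10.0.1.0/24 any subnet 10.0.3.0/24 any
{
	pfs_group 5;
	lifetime time 24 hour;
	encryption_algorithm aes 256;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}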