remote 192.1.2.23 { doi ipsec_doi; situation identity_only; exchange_mode main; my_identifier asn1dn; peers_identifier fqdn "west.testing.libreswan.org"; verify_identifier off; certificate_type x509 in_keychain "aWRudAAFIXME"; verify_cert on; certificate_verification sec_framework use_peers_identifier; nonce_size 16; dpd_delay 20; dpd_retry 5; dpd_maxfail 5; dpd_algorithm dpd_blackhole_detect; initial_contact on; support_proxy on; proposal_check obey; xauth_login "use1"; mode_cfg on; ike_frag force; proposal { authentication_method xauth_rsa_client; hash_algorithm sha1; encryption_algorithm aes 256; lifetime time 3600 sec; dh_group 5; } proposal { authentication_method xauth_rsa_client; hash_algorithm sha1; encryption_algorithm aes 256; lifetime time 3600 sec; dh_group 2; } proposal { authentication_method xauth_rsa_client; hash_algorithm sha1; encryption_algorithm aes; lifetime time 3600 sec; dh_group 2; } proposal { authentication_method xauth_rsa_client; hash_algorithm md5; encryption_algorithm aes 256; lifetime time 3600 sec; dh_group 5; } proposal { authentication_method xauth_rsa_client; hash_algorithm md5; encryption_algorithm aes 256; lifetime time 3600 sec; dh_group 2; } proposal { authentication_method xauth_rsa_client; hash_algorithm md5; encryption_algorithm aes; lifetime time 3600 sec; dh_group 2; } proposal { authentication_method xauth_rsa_client; hash_algorithm sha1; encryption_algorithm 3des; lifetime time 3600 sec; dh_group 2; } proposal { authentication_method xauth_rsa_client; hash_algorithm md5; encryption_algorithm 3des; lifetime time 3600 sec; dh_group 2; } proposal { authentication_method xauth_rsa_client; hash_algorithm sha1; encryption_algorithm des; lifetime time 3600 sec; dh_group 2; } proposal { authentication_method xauth_rsa_client; hash_algorithm md5; encryption_algorithm des; lifetime time 3600 sec; dh_group 2; } }