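#/etc/ipsec.conf on eraser(10.1.1.1)
# setkey(8) input for host eraser. Every packet between the two hosts must
# carry IPComp, ESP and AH in transport mode ("require" = no cleartext
# fallback). The SAs themselves are negotiated by racoon (see racoon.conf
# below) unless the static-key section is enabled instead.

# Start from an empty SAD and SPD so stale entries cannot linger.
flush;
spdflush;

# Outbound: eraser -> elephant
spdadd 10.1.1.1/32 10.1.1.2/32 any -P out ipsec
	ipcomp/transport/10.1.1.1-10.1.1.2/require
	esp/transport/10.1.1.1-10.1.1.2/require
	ah/transport/10.1.1.1-10.1.1.2/require;

# Inbound: elephant -> eraser
spdadd 10.1.1.2/32 10.1.1.1/32 any -P in ipsec
	ipcomp/transport/10.1.1.2-10.1.1.1/require
	esp/transport/10.1.1.2-10.1.1.1/require
	ah/transport/10.1.1.2-10.1.1.1/require;

#for static key
# Alternative to racoon: manually keyed SAs (left disabled). Manual keys are
# never rekeyed and give no forward secrecy, so treat this as a test aid.
# "IPsecKEYIPsecKEY" is a sample value: if this section is enabled, generate
# a separate random key for every SA (setkey also accepts 0x... hex keys) and
# make this file readable by root only, since it would then hold the keys.
# NOTE(review): setkey(8) lists keyed-sha1 as taking a 160-bit key and as
# having no published specification; the 16-byte sample string may be
# rejected. Confirm, and prefer an hmac-* algorithm for AH.
##add 10.1.1.2 10.1.1.1 ipcomp 1000 -m transport -C deflate;
##add 10.1.1.2 10.1.1.1 esp 2000 -m transport -E rijndael-cbc "IPsecKEYIPsecKEY";
##add 10.1.1.2 10.1.1.1 ah 3000 -m transport -A keyed-sha1 "IPsecKEYIPsecKEY";
##add 10.1.1.1 10.1.1.2 ipcomp 4000 -m transport -C deflate;
##add 10.1.1.1 10.1.1.2 esp 5000 -m transport -E rijndael-cbc "IPsecKEYIPsecKEY";
##add 10.1.1.1 10.1.1.2 ah 6000 -m transport -A keyed-sha1 "IPsecKEYIPsecKEY";


#/etc/ipsec.conf on elephant(10.1.1.2)
# Mirror image of the file on eraser: the same two policies with the
# in/out directions swapped.

flush;
spdflush;

# Inbound: eraser -> elephant
spdadd 10.1.1.1/32 10.1.1.2/32 any -P in ipsec
	ipcomp/transport/10.1.1.1-10.1.1.2/require
	esp/transport/10.1.1.1-10.1.1.2/require
	ah/transport/10.1.1.1-10.1.1.2/require;

# Outbound: elephant -> eraser
spdadd 10.1.1.2/32 10.1.1.1/32 any -P out ipsec
	ipcomp/transport/10.1.1.2-10.1.1.1/require
	esp/transport/10.1.1.2-10.1.1.1/require
	ah/transport/10.1.1.2-10.1.1.1/require;

#for static key
# Same six SAs as on eraser (an SA is identified by src, dst and SPI, so
# both hosts load the identical list). The same caveats apply: sample key,
# no rekeying, file must be root-only if enabled.
##add 10.1.1.2 10.1.1.1 ipcomp 1000 -m transport -C deflate;
##add 10.1.1.2 10.1.1.1 esp 2000 -m transport -E rijndael-cbc "IPsecKEYIPsecKEY";
##add 10.1.1.2 10.1.1.1 ah 3000 -m transport -A keyed-sha1 "IPsecKEYIPsecKEY";
##add 10.1.1.1 10.1.1.2 ipcomp 4000 -m transport -C deflate;
##add 10.1.1.1 10.1.1.2 esp 5000 -m transport -E rijndael-cbc "IPsecKEYIPsecKEY";
##add 10.1.1.1 10.1.1.2 ah 6000 -m transport -A keyed-sha1 "IPsecKEYIPsecKEY";


#/usr/local/etc/racoon/psk.txt on eraser
# Format: <peer address> <pre-shared key>. The key below is a sample value;
# replace it with a long random secret. racoon expects this file to be owned
# by the user it runs as and not readable by anyone else (mode 0600).
10.1.1.2 IPsecKEYIPsecKEY


#/usr/local/etc/racoon/psk.txt on elephant
# Same rules as on eraser: sample key, owner-only permissions.
10.1.1.1 IPsecKEYIPsecKEY


#/usr/local/etc/racoon/racoon.conf on any system
# IKE daemon configuration, identical on both hosts.
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

# "anonymous" applies this section to any peer that starts a negotiation.
# Only peers with an entry in psk.txt can authenticate.
remote anonymous
{
	# Changed from "aggressive": aggressive mode sends the PSK-derived
	# authentication hash unencrypted, so anyone who captures the exchange
	# can test candidate keys offline. Main mode protects that exchange
	# and is sufficient here because both peers have fixed addresses,
	# which is how psk.txt looks up the key.
	exchange_mode main ;
	lifetime time 4 hour ;	# phase 1 (IKE SA) lifetime
	proposal {
		encryption_algorithm rijndael;
		# sha1 and DH group 2 (1024-bit MODP) are kept as published.
		# Choose a stronger hash and a larger group if the installed
		# racoon supports them; check racoon.conf(5) for that version.
		hash_algorithm sha1;
		authentication_method pre_shared_key ;
		dh_group 2 ;
	}
}

# Phase 2 parameters for the IPComp/ESP/AH SAs required by the policies in
# ipsec.conf.
sainfo anonymous
{
	# A fresh DH exchange for every phase 2 rekey (forward secrecy).
	# Group 2 carries the same size caveat as dh_group above.
	pfs_group 2;
	lifetime time 2 hour ;
	compression_algorithm deflate ;
	encryption_algorithm rijndael ;
	authentication_algorithm hmac_sha1 ;
}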