Racoon config that works with MacOS 10.11, iOS 8, Android 6.0

ipsec-ios.md

• Add VPN Configuration
• IPSEC
• Server: your-ip
• Account: shell user
• Password: shell password
• Use certificate: Off
• Group name: Blank
• Secret: your-strong-secret

psk.txt

*   your-strong-secret

racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";

listen
{
    adminsock disabled;
    isakmp your-ip [500];
    isakmp_natt your-ip [4500];
    strict_address;
}

remote anonymous {
    exchange_mode main;
    generate_policy on;
    # we're a server only
    passive on;
    # obey is needed for android 6.0
    proposal_check obey;
    nat_traversal force;

    dpd_delay 3600;
    lifetime time 8 hour;

    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        dh_group modp1024;

        authentication_method xauth_psk_server;
    }
}

sainfo anonymous {
    pfs_group 2;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256, hmac_sha1;
    compression_algorithm deflate;
    lifetime time 4 hour;
}

mode_cfg {
    pfs_group 2;

    auth_source pam;
    auth_throttle 3;

    pool_size 50;

    network4 192.168.20.0;
    netmask4 255.255.255.0;

    dns4 8.8.4.4, 8.8.8.8;

    # empty file to avoid annoying banner on client
    banner "/etc/racoon/motd";

    # allow client to cache password:
    save_passwd on;
}