Some (broken) firewalls do not properly pass UDP fragments, which will
prevent IKE from completing. This commit enables the racoon option to
allow application-level fragmenting and allow security associations to
be created.
cert_entry = """remote %s {
exchange_mode main;
nat_traversal on;
cert_entry = """remote %s {
exchange_mode main;
nat_traversal on;
certificate_type x509 "%s" "%s";
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "%s" "%s";
my_identifier asn1dn;
peers_identifier asn1dn;