Netgate Discussion Forum

    Help with error (racoon.conf:2: "500" parse error)

    18 Posts 4 Posters 10.4k Views
      hoba

      In case the IP is not cleared, download your config.xml from Diagnostics > Backup/Restore, manually remove the item and upload it again. But first, do what Scott asked for, please.

        artifact

        Ok,

        I checked the WAN IP, and everything there is OK.

        Interfaces: WAN
        Type: Static
        Static IP configuration: Correct
        Other settings - empty
        FTP Helper  Disable the userland FTP-Proxy application  [CHECKED]
        Block private networks [CHECKED]
        
        
        Diagnostics: Ping
        
        Host  : www.yahoo.com
        Interface  WAN
        Count 3
        
        Ping output:
        
        PING www.yahoo-ht2.akadns.net (209.73.186.238) from 159.148.175.210: 56 data bytes
        64 bytes from 209.73.186.238: icmp_seq=0 ttl=50 time=176.817 ms
        64 bytes from 209.73.186.238: icmp_seq=1 ttl=50 time=176.690 ms
        64 bytes from 209.73.186.238: icmp_seq=2 ttl=50 time=176.749 ms
        
        --- www.yahoo-ht2.akadns.net ping statistics ---
        3 packets transmitted, 3 packets received, 0% packet loss
        round-trip min/avg/max/stddev = 176.690/176.752/176.817/0.052 ms
        
        

        cat /cf/conf/config.xml | grep failoverip returned nothing.

        In /cf/conf/config.xml I only found this one failover string, and nothing more in this file.

        <dhcpd>
            <lan>
                <enable>yes</enable>
                <range>
                    <from>192.168.1.101</from>
                    <to>192.168.1.199</to>
                </range>
                <defaultleasetime/>
                <maxleasetime/>
                <netmask/>
                [b]<failover_peerip/>[/b]
                <gateway/>
                <dnsserver>192.168.1.200</dnsserver>
            </lan>
        </dhcpd>
        
          sullrich

          What version is this again?  That all looks fine to me.

            artifact

            Version 1.0.1
            built on Sun Oct 29 01:07:16 UTC 2006

            Tnx ;)

              artifact

              Also, if I try to launch racoon from the shell:

              racoon -f /var/etc/racoon.conf

              racoon: failed to parse configuration file.

                artifact

                I reset my two-month-old settings from backup and now there is an error like this. What's wrong??

                
                Jan 3 11:08:10 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
                Jan 3 11:08:10 	racoon: INFO: 192.168.1.1[500] used as isakmp port (fd=19)
                Jan 3 11:08:10 	racoon: INFO: fe80::230:4fff:fe25:33b0%rl0[500] used as isakmp port (fd=18)
                Jan 3 11:08:10 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
                Jan 3 11:08:10 	racoon: INFO: xxx.xxx.xxx.xxx[500] used as isakmp port (fd=17)
                Jan 3 11:08:10 	racoon: INFO: fe80::201:29ff:fe93:1125%vr0[500] used as isakmp port (fd=16)
                Jan 3 11:08:10 	racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
                Jan 3 11:08:10 	racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
                Jan 3 11:08:10 	racoon: INFO: ::1[500] used as isakmp port (fd=14)
                Jan 3 11:08:10 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
                Jan 3 11:08:10 	racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
                Jan 3 11:08:10 	racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
                Jan 3 11:08:09 	racoon: INFO: racoon shutdown
                Jan 3 11:08:08 	racoon: INFO: caught signal 15
                
                
                  jahonix

                  Same over here. I am too dumb to get IPsec to work…  :-[

                  I got some Firewall block messages from TCP Port 500 in the logs.
                  My static site is really knocked down on ports - do I have to open up something special here?

                  Needless to say, the tunnel is not coming up and I cannot ping a host on the other side.
                  Both pfSenses are 1.0.1 Snapshot 2006-DEC-23 with PPPoE ADSL.
                  Office has a static IP, home a dynamic one. NO SAD or SPD entries on static side and only SPD on dynamic end where I also get this:

                  Diagnostics: System logs: IPSEC VPN
                  Jan 4 10:48:10 racoon: ERROR: fatal parse failure (1 errors)
                  Jan 4 10:48:10 racoon: ERROR: /var/etc/racoon.conf:2: "500" parse error
                  Jan 4 10:48:10 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
                  Jan 4 10:48:10 racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)

                  Does the  "500" parse error  relate to a port issue??
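
As an added example (not part of any post in this thread, and not pfSense or ipsec-tools code): racoon's parser errors name the config file, the line number and the token the parser stopped on, so the `"500"` in the log above is text found on line 2 of `/var/etc/racoon.conf`. The script below pulls those three fields out of the log and prints that config line with context; the function names and the stand-in config contents are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Handles the log format quoted above:
#   racoon: ERROR: <file>:<line>: "<token>" parse error

# stdin: racoon log lines. stdout: "<file> <line> <token>" per parse error.
racoon_parse_errors() {
    sed -n 's|^.*racoon: ERROR: \(/[^:]*\):\([0-9][0-9]*\): "\([^"]*\)" parse error.*$|\1 \2 \3|p'
}

# Print line $2 of config file $1 with one line of context on each side;
# the reported line is marked ">>".
show_config_context() {
    awk -v n="$2" 'NR >= n - 1 && NR <= n + 1 {
        printf "%s %d: %s\n", (NR == n ? ">>" : "  "), NR, $0
    }' "$1"
}

# Succeeds only if token $3 still occurs on line $2 of file $1. A mismatch
# means the file changed after the log entry was written.
token_on_line() {
    sed -n "${2}p" "$1" | grep -qF -- "$3"
}

# Constructed demo: the log lines copy the format shown in the thread; the
# config is a stand-in file whose contents are an assumption.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' 'stand-in line one' 'stand-in line two 500' 'stand-in line three' > "$conf"
    printf '%s\n' \
        'Jan 4 10:48:10 racoon: ERROR: fatal parse failure (1 errors)' \
        'Jan 4 10:48:10 racoon: ERROR: /var/etc/racoon.conf:2: "500" parse error' |
    racoon_parse_errors | while read -r file line token; do
        echo "$file line $line: parser stopped at \"$token\""
        show_config_context "$conf" "$line"   # the demo reads the stand-in file
        token_on_line "$conf" "$line" "$token" || echo "warning: token not on that line"
    done
    rm -f "$conf"
}

demo
```

On a live system, pass the file path from the first output field to `show_config_context` instead of the stand-in file.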

                    artifact

                    I'll try to reinstall pfSense. Maybe that helps.

                      jahonix

                      Any news here?

                      I still get the parse error and have no idea where to look.
                      Installation is vanilla 1.0.1 with current snapshot, 1.0.1-SNAPSHOT-12-28-2006, built on Thu Jan 4 13:07:12 EST 2007
                      I added squid, (freeradius…), NTP, nmap (...) and mc.

                      IPsec install was from Hoba's tutorial.
                      What firewall ruleset do you recommend for IPsec use? UDP 500 and EAP on WAN or gateway's LAN address?
                      That's not covered by the tutorial AFAIK.

                      Greatly appreciate your help!

                        artifact

                        I reinstalled the whole system and now it works. I think that's a bug.
