Netgate Discussion Forum
    Racoon: ERROR: /var/etc/ipsec/racoon.conf:22: "/;" syntax error

    Category: IPsec
    7 Posts 4 Posters 3.9k Views
    • Spookje

      I'm trying to set up an IPsec VPN for mobile clients.

      When I try to start racoon it fails with the following error:

      Nov 22 12:27:29	racoon: ERROR: fatal parse failure (1 errors)
      Nov 22 12:27:29	racoon: ERROR: /var/etc/ipsec/racoon.conf:22: "/;" syntax error
      Nov 22 12:27:29	racoon: INFO: Resize address pool from 0 to 253
      Nov 22 12:27:29	racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
      Nov 22 12:27:29	racoon: INFO: @(#)This product linked OpenSSL 0.9.8q 2 Dec 2010 (http://www.openssl.org/)
      Nov 22 12:27:29	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
      

      racoon.conf:

      ```
      # This file is automatically generated. Do not edit
      path pre_shared_key "/var/etc/psk.txt";

      path certificate  "/var/etc";

      listen
      {
      	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
      	isakmp 192.168.1.67 [500];
      	isakmp_natt 192.168.1.67 [4500];
      }

      mode_cfg
      {
      	auth_source external;
      	group_source system;
      	pool_size 253;
      	network4 10.0.253.2;
      	netmask4 255.255.255.0;
      	# The line racoon reports as a syntax error: the network/prefix that should follow
      	# "include" is empty, leaving only the "/".
      	split_network include /;
      	dns4 10.0.0.1;
      	default_domain "***.Lan";
      	split_dns "***.Lan";
      	pfs_group 14;
      	save_passwd on;
      }

      extcfg { script "/var/etc/ipsec/ipsec.php" }

      remote anonymous
      {
      	ph1id 1;
      	exchange_mode base;
      	my_identifier fqdn "VPN.***.nl";
      	peers_identifier user_fqdn "***@***.nl";
      	ike_frag on;
      	generate_policy = on;
      	initial_contact = off;
      	nat_traversal = on;
      	certificate_type x509 "cert-1.crt" "cert-1.key";
      	ca_type x509 "ca-1.crt";
      	dpd_delay = 10;
      	dpd_maxfail = 5;
      	support_proxy on;
      	proposal_check obey;
      	passive on;

      	proposal
      	{
      		authentication_method xauth_rsa_server;
      		encryption_algorithm blowfish 256;
      		hash_algorithm sha512;
      		dh_group 14;
      		lifetime time 28800 secs;
      	}
      }

      sainfo address 192.168.1.67 any anonymous
      {
      	remoteid 1;
      	encryption_algorithm aes 256, blowfish 256, blowfish 248, blowfish 240, blowfish 232, blowfish 224, blowfish 216, blowfish 208, blowfish 200, blowfish 192, blowfish 184, blowfish 176, blowfish 168, blowfish 160, blowfish 152, blowfish 144, blowfish 136, blowfish 128, cast128;
      	authentication_algorithm hmac_sha256,hmac_sha384,hmac_sha512;
      	pfs_group 14;
      	lifetime time 3600 secs;
      	compression_algorithm deflate;
      }
      ```
      *** is edited (as usual).
      
      pfSense version:

      Current version: 2.1-BETA0
      Built On: Wed Nov 14 15:13:15 EST 2012

      
      When I try to delete line 22 in racoon.conf and then start racoon, it replaces racoon.conf with the old one and fails again…
      • Spookje

        Nobody has an idea?

        Or can I post it on Redmine?
        • dhatz

          Yep, looks like a bug.

          The syntax should be like:
          split_network include 10.x.y.z/24;

          • cmb

            what do you have set in your phase 2 for mobile clients for local network? It populates that line from that value.

            • Spookje

              My phase 2 has nothing configured about networks (see attachment).

              [attachment: pfSense-IPSec-Phase2.PNG]
              • jimp (Rebel Alliance Developer, Netgate)

                You can't do transport mode with mobile clients. I'm not sure why it let you select that.

                Switch to tunnel mode.

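The exchange above pins the error to how the `split_network` line is derived: cmb notes that pfSense fills it from the Phase 2 "local network", dhatz shows the form racoon expects (`split_network include 10.x.y.z/24;`), and jimp points out that a transport-mode Phase 2 has no local network, which is why only the `/` was emitted. The following is an added example, not pfSense or racoon code: a small Python checker that flags malformed `split_network` entries in a generated `racoon.conf`, plus a model of the generation step that refuses a non-tunnel Phase 2 instead of emitting an invalid line. The sample `mode_cfg` blocks and the `10.0.0.0/24` LAN are constructed for the example; the function names and the regex are the example's own, not pfSense's.

```python
"""Lint the split_network line pfSense generates for racoon (added example)."""
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample: the mode_cfg block as posted in the thread, where the
# Phase 2 "local network" is missing because Phase 2 was in transport mode.
BROKEN_MODE_CFG = """\
mode_cfg
{
\tauth_source external;
\tnetwork4 10.0.253.2;
\tnetmask4 255.255.255.0;
\tsplit_network include /;
\tdns4 10.0.0.1;
}
"""

# Constructed sample: the same block after switching Phase 2 to tunnel mode
# with a LAN of 10.0.0.0/24 (the LAN is an assumption for this example).
FIXED_MODE_CFG = BROKEN_MODE_CFG.replace("include /;", "include 10.0.0.0/24;")

# racoon.conf syntax: split_network (include | local_lan) net/mask[, net/mask ...];
SPLIT_RE = re.compile(r"^\s*split_network\s+(include|local_lan)\s+(.*);\s*$")


def check_split_network(conf: str) -> List[Tuple[int, str]]:
    """Return (line_number, message) for every malformed split_network entry.

    Each entry must parse as an IPv4/IPv6 network; an empty network such as
    the bare "/" pfSense emitted is exactly what racoon rejects as a
    fatal parse error.
    """
    problems: List[Tuple[int, str]] = []
    for lineno, line in enumerate(conf.splitlines(), start=1):
        m = SPLIT_RE.match(line)
        if not m:
            continue
        for entry in m.group(2).split(","):
            entry = entry.strip()
            try:
                ipaddress.ip_network(entry, strict=False)
            except ValueError:
                problems.append((lineno, f'bad split_network entry "{entry}"'))
    return problems


def render_split_network(phase2_mode: str, local_network: Optional[str]) -> str:
    """Model of deriving the split_network line from the Phase 2 entry.

    The network comes from the Phase 2 "local network" field. Transport mode
    carries no local network, so refuse up front rather than writing a line
    racoon cannot parse. This guard is the example's own, not pfSense's.
    """
    if phase2_mode != "tunnel":
        raise ValueError(
            f"mobile clients require a tunnel-mode Phase 2, got {phase2_mode!r}")
    if not local_network:
        raise ValueError("Phase 2 has no local network to hand out to clients")
    net = ipaddress.ip_network(local_network, strict=False)
    return f"split_network include {net.with_prefixlen};"


def would_reject(phase2_mode: str, local_network: Optional[str]) -> bool:
    """True if render_split_network refuses this Phase 2 configuration."""
    try:
        render_split_network(phase2_mode, local_network)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for lineno, msg in check_split_network(BROKEN_MODE_CFG):
        print(f"racoon.conf:{lineno}: {msg}")
    print(render_split_network("tunnel", "10.0.0.1/24"))
```

Running the checker over the posted block reports the `split_network include /;` line; over the corrected block it reports nothing. `render_split_network` raises for a transport-mode Phase 2 or an empty local network, which is the condition the generated config on the page hit.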
                • Spookje

                  Sorry for the late reply, I was out of commission for a bit…

                  Thanks jimp, that did fix it...

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.