Racoon.conf parse error



  • 1.2.1-RC1
    built on Wed Sep 24 04:14:04 EDT 2008

    Sep 24 23:24:17 racoon: ERROR: fatal parse failure (1 errors)
    Sep 24 23:24:17 racoon: ERROR: /var/etc/racoon.conf:7: "pa" syntax error
    Sep 24 23:24:17 racoon: INFO: Resize address pool from 0 to 255
    Sep 24 23:24:17 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Sep 24 23:24:17 racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
    Sep 24 23:24:17 racoon: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net)
    Sep 24 23:24:02 racoon: ERROR: fatal parse failure (1 errors)
    Sep 24 23:24:02 racoon: ERROR: /var/etc/racoon.conf:7: "pa" syntax error
    Sep 24 23:24:02 racoon: INFO: Resize address pool from 0 to 255
    Sep 24 23:24:02 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Sep 24 23:24:02 racoon: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
    Sep 24 23:24:02 racoon: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net)

    I think there are still some issues



  • PeterK2003: copy/paste your racoon.conf and the <ipsec> to </ipsec> section of your config.xml from status.php. It shouldn't be possible to generate a racoon.conf that doesn't parse, so there appears to be some issue there. But it's not related to anything previously reported in this thread; all those issues have been resolved and didn't involve config issues like you're seeing.



  • First off, let me explain what I am trying to do, because maybe I am doing it all wrong.  I am attempting to make a VPN connection between my apartment and my parents' house.  My parents have a Netgear DG834G and I obviously am using a pfSense box.  In 1.2 I managed to get a connection but I couldn't get any traffic to pass.  From what I was reading it is not possible in 1.2; this is why I changed to 1.2.1 (although I am not sure it is possible here either, I think that is part of 1.3).

    Anyways, here is my ipsec config:

    <ipsec>
      <preferredoldsa/>
      <enable/>
      <mobileclients>
        <enable/>
        <p1>
          <mode>main</mode>
          <myident><fqdn>apartment.XXXX.name</fqdn></myident>
          <encryption-algorithm>3des</encryption-algorithm>
          <hash-algorithm>sha1</hash-algorithm>
          <dhgroup>2</dhgroup>
          <lifetime>1200</lifetime>
          <private-key/>
          <cert/>
          <authentication_method>pre_shared_key</authentication_method>
        </p1>
        <p2>
          <protocol>esp</protocol>
          <encryption-algorithm-option>3des</encryption-algorithm-option>
          <encryption-algorithm-option>blowfish</encryption-algorithm-option>
          <encryption-algorithm-option>cast128</encryption-algorithm-option>
          <encryption-algorithm-option>rijndael</encryption-algorithm-option>
          <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
          <hash-algorithm-option>hmac_md5</hash-algorithm-option>
          <pfsgroup>2</pfsgroup>
          <lifetime>1200</lifetime>
        </p2>
      </mobileclients>
      <mobilekey>
        <ident>71.XXX.XXX.221</ident>
        <pre-shared-key>XXXX</pre-shared-key>
      </mobilekey>
    </ipsec>

    How do I get the racoon.conf file?



  • @PeterK2003:

    First off, let me explain what I am trying to do, because maybe I am doing it all wrong.  I am attempting to make a VPN connection between my apartment and my parents' house.  My parents have a Netgear DG834G and I obviously am using a pfSense box.  In 1.2 I managed to get a connection but I couldn't get any traffic to pass.  From what I was reading it is not possible in 1.2; this is why I changed to 1.2.1 (although I am not sure it is possible here either, I think that is part of 1.3).

    Not sure what makes you think that wouldn't be possible in 1.2; this is pretty straightforward, though I would recommend 1.2.1 at this point.

    @PeterK2003:

    How do I get the racoon.conf file?

    Go to Diagnostics -> Command, run 'cat /var/etc/racoon.conf', paste output here.



  • I read some posts that seemed to say that, but I may have misread it.

    $ cat /var/etc/racoon.conf
    path pre_shared_key "/var/etc/psk.txt";
    
    path certificate  "/var/etc";
    
    remote anonymous {
    	exchange_mode main;
    	my_identifier fqdn apartment.XXX.name;
    
    	initial_contact on;
    	dpd_delay 120;                   # DPD poll every 120 seconds
    	ike_frag on;
    	passive on;
    	generate_policy on;
    	support_proxy on;
    	proposal_check obey;
    
    	proposal {
    		encryption_algorithm 3des;
    		hash_algorithm sha1;
    		authentication_method pre_shared_key;
    		dh_group 2;
    		lifetime time 1200 secs;
    	}
    	lifetime time 1200 secs;
    }
    
    sainfo anonymous {
    	encryption_algorithm 3des,blowfish,cast128,rijndael;
    	authentication_algorithm hmac_sha1,hmac_md5;
    	compression_algorithm deflate;
    	pfs_group 2;
    	lifetime time 1200 secs;
    }
    
    


  • That conf looks fine, not sure why it's barking on the fqdn line; does it for me also.  Checking into it.
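    The failure above is a generated configuration that the daemon refuses, which takes the tunnel down until someone reads the log. As an added example (not pfSense or ipsec-tools code), here is a pre-flight lint that could run on the generated file before racoon is restarted. It assumes that racoon's grammar takes the value of a `my_identifier`/`peers_identifier` of type fqdn, user_fqdn, keyid or asn1dn as a double-quoted string (the `address` form is unquoted), and it also checks brace balance and statement terminators. The sample config embedded below is constructed to mirror the one pasted in this thread, with the identifier on line 7.

```python
#!/usr/bin/env python3
"""Pre-flight lint for a generated racoon.conf (added example, not pfSense code).

Assumption: racoon expects the value of my_identifier/peers_identifier of type
fqdn, user_fqdn, keyid or asn1dn as a double-quoted string; the address form
is unquoted. An unquoted fqdn is reported as a syntax error on that line.
"""
import re
import sys

# Identifier types whose value racoon expects as a quoted string (assumption).
QUOTED_ID_TYPES = {"fqdn", "user_fqdn", "keyid", "asn1dn"}

IDENT_RE = re.compile(
    r"^(?P<indent>\s*)(?P<stmt>my_identifier|peers_identifier)\s+"
    r"(?P<type>\w+)\s+(?P<value>[^;]+?)\s*;\s*$"
)

# Constructed sample mirroring the thread's racoon.conf; the fqdn is on line 7.
BROKEN_CONF = """\
path pre_shared_key "/var/etc/psk.txt";

path certificate "/var/etc";

remote anonymous {
    exchange_mode main;
    my_identifier fqdn apartment.example.net;
    dpd_delay 120;                   # DPD poll every 120 seconds
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 1200 secs;
    }
}

sainfo anonymous {
    encryption_algorithm 3des,blowfish,cast128,rijndael;
    authentication_algorithm hmac_sha1,hmac_md5;
    pfs_group 2;
    lifetime time 1200 secs;
}
"""


def _strip_comment(line):
    """Drop a trailing '#' comment, ignoring '#' inside a quoted string."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            break
        out.append(ch)
    return "".join(out).rstrip()


def _is_quoted(value):
    return len(value) >= 2 and value[0] == '"' and value[-1] == '"'


def check_racoon_conf(text):
    """Return [(line_no, message), ...] for problems racoon would reject."""
    problems, depth, last = [], 0, 0
    for last, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        if not line.strip():
            continue
        depth += line.count("{") - line.count("}")
        if depth < 0:
            problems.append((last, "unbalanced '}'"))
            depth = 0
        m = IDENT_RE.match(line)
        if m:
            if m["type"] in QUOTED_ID_TYPES and not _is_quoted(m["value"]):
                problems.append((last, f"{m['stmt']} {m['type']}: value "
                                       f"{m['value']} must be double-quoted"))
        elif not line.endswith(("{", "}", ";")):
            problems.append((last, "statement not terminated with ';'"))
    if depth > 0:
        problems.append((last, "unclosed '{'"))
    return problems


def quote_identifiers(text):
    """Rewrite unquoted fqdn/user_fqdn/keyid/asn1dn values, keeping comments."""
    fixed = []
    for raw in text.splitlines(keepends=True):
        stripped = _strip_comment(raw)  # always a prefix of raw
        m = IDENT_RE.match(stripped)
        if m and m["type"] in QUOTED_ID_TYPES and not _is_quoted(m["value"]):
            raw = (f'{m["indent"]}{m["stmt"]} {m["type"]} "{m["value"]}";'
                   + raw[len(stripped):])
        fixed.append(raw)
    return "".join(fixed)


if __name__ == "__main__":
    # Usage: racoon_lint.py /var/etc/racoon.conf && /etc/rc.d/racoon restart
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/etc/racoon.conf"
    with open(path) as fh:
        found = check_racoon_conf(fh.read())
    for line_no, msg in found:
        print(f"{path}:{line_no}: {msg}")
    sys.exit(1 if found else 0)
```

    Wired in front of the daemon restart, a non-zero exit keeps the previous working racoon.conf in place instead of replacing it with one that will not load; `quote_identifiers` shows the minimal rewrite, but the real fix belongs in the template that generates the file.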



  • I just fixed this, try tomorrow's snapshot and it'll work.



  • Ohhh, you moved it to a new thread; I hadn't realized you answered. I'll try it out.



  • OK, I have a connection again but still no traffic is being passed.

    What should the firewall rule look like?



  • OK, it appears that traffic into the pf box on the VPN is getting handled correctly but traffic out is not.



  • OK, scratch that. I had some Windows firewall issues.

