Netgate Discussion Forum

IPsec - racoon.conf - SYNTAX ERROR

  • N
    Nachtfalke
    last edited by May 10, 2011, 2:54 PM

    Hi,

    just played a little bit with IPsec and got this error:

    May 10 14:22:22 	racoon: ERROR: fatal parse failure (1 errors)
    May 10 14:22:22 	racoon: ERROR: /var/etc/racoon.conf:44: "{" syntax error
    May 10 14:22:22 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    May 10 14:22:22 	racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
    May 10 14:22:22 	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
    May 10 14:06:38 	racoon: ERROR: could not read configuration file "/var/etc/racoon.conf"
    May 10 14:06:38 	racoon: ERROR: glob found no matches for path "/var/etc/racoon.conf"
    May 10 14:06:38 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    May 10 14:06:38 	racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
    May 10 14:06:38 	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
    May 10 14:05:59 	racoon: ERROR: could not read configuration file "/var/etc/racoon.conf"
    May 10 14:05:59 	racoon: ERROR: glob found no matches for path "/var/etc/racoon.conf"
    May 10 14:05:59 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    May 10 14:05:59 	racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
    May 10 14:05:59 	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
    
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by May 10, 2011, 6:42 PM

      It would help to see /var/etc/racoon.conf and also the ipsec section of your config. Something in the config is causing it to generate invalid syntax but without seeing the config and the invalid syntax (and the context around it), it's impossible to say what that might be.

      • N
        Nachtfalke
        last edited by May 10, 2011, 6:49 PM

        Hi jimp,

        I just played with IPsec and after this error I just reverted all I did because of this error.
        Perhaps I made some wrong entries. I thought it's just a simple syntax problem with a missing "{" or something else.

        Please do not spend too much time on this if my racoon.conf will not help you. I will post again if this error occurs again and then will offer more details.

        # This file is automatically generated. Do not edit
        path pre_shared_key "/var/etc/psk.txt";
        # This file is automatically generated. Do not edit
        path pre_shared_key "/var/etc/psk.txt";
        
        path certificate  "/var/etc";
        
        listen
        {
                adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
                isakmp 192.168.1.143 [500];
                isakmp_natt 192.168.1.143 [4500];
        }
        
        remote 84.169.95.132
        {
                ph1id 1;
                exchange_mode aggressive;
                my_identifier address 192.168.1.143;
                peers_identifier fqdn "TESTVPN";
                ike_frag on;
                generate_policy = off;
                initial_contact = on;
                nat_traversal = on;
        
                dpd_delay = 10;
                dpd_maxfail = 5;
                support_proxy on;
                proposal_check claim;
        
                proposal
                {
                        authentication_method pre_shared_key;
                        encryption_algorithm aes 256;
                        hash_algorithm sha1;
                        dh_group 2;
                        lifetime time 28800 secs;
                }
        }
        
        sainfo   subnet 172.16.0.0/16 any
        {
                remoteid 1;
                encryption_algorithm aes 256;
                authentication_algorithm hmac_sha1;
        
                lifetime time 3600 secs;
                compression_algorithm deflate;
        }
        
        
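The reply above asks for the invalid syntax and the context around it. As an added example that is not part of the thread, this sketch reads the `file:line` pair from a racoon "syntax error" log entry and prints the numbered lines around it, with IPv4 addresses masked for posting. The function names and the sample log and config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print "path:line" from the first racoon "syntax error" entry in log file $1.
racoon_parse_error() {
    sed -n 's|.*racoon: ERROR: \(/[^:]*\):\([0-9][0-9]*\): .*syntax error.*|\1:\2|p' "$1" |
        head -n 1
}

# Print lines around line $2 of config $1 (+/- $3 lines, default 3), numbered,
# with ">>" on the reported line and IPv4 addresses masked for posting.
racoon_context() {
    awk -v n="$2" -v c="${3:-3}" '
        NR >= n - c && NR <= n + c {
            printf "%s %3d  %s\n", (NR == n ? ">>" : "  "), NR, $0
        }' "$1" |
        sed -E 's/([0-9]{1,3}\.){3}[0-9]{1,3}/x.x.x.x/g'
}

# Constructed sample input: a log entry in the format shown in the thread and
# a short config fragment (not the poster's real file).
demo_dir=$(mktemp -d)
printf '%s\n' \
    'May 10 14:22:22 racoon: ERROR: fatal parse failure (1 errors)' \
    'May 10 14:22:22 racoon: ERROR: /var/etc/racoon.conf:5: "{" syntax error' \
    > "$demo_dir/ipsec.log"
printf '%s\n' \
    'remote 192.0.2.10' \
    '{' \
    '        exchange_mode aggressive;' \
    'sainfo subnet 172.16.0.0/16 any' \
    '{' \
    '        lifetime time 3600 secs;' \
    '}' \
    > "$demo_dir/racoon.conf"

# Parse the reported location, then show one line of context on each side.
hit=$(racoon_parse_error "$demo_dir/ipsec.log")
racoon_context "$demo_dir/racoon.conf" "${hit##*:}" 1
```
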