Can't start ipsec service even after a fresh new install 2.0-RELEASE (i386)



  • Hi,
    Can somebody please let me know why, even after installing 2.0 from scratch, I can't start the racoon service? When I try to start it, it says it started, but in fact it has not. In the ipsec log I am getting this error message:

    Nov 19 09:42:41 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
    Nov 19 09:42:41 racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
    Nov 19 09:42:41 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Nov 19 09:42:41 racoon: DEBUG: call pfkey_send_register for AH
    Nov 19 09:42:41 racoon: DEBUG: call pfkey_send_register for ESP
    Nov 19 09:42:41 racoon: DEBUG: call pfkey_send_register for IPCOMP
    Nov 19 09:42:41 racoon: DEBUG: reading config file /var/etc/racoon.conf
    Nov 19 09:42:41 racoon: ERROR: /var/etc/racoon.conf:19: "2" syntax error
    Nov 19 09:42:41 racoon: ERROR: fatal parse failure (1 errors)

    Can somebody let me know how to fix it?

    Thanks



  • Should be impossible to get an invalid config like that. Go to Diagnostics>Command, and execute:
    cat /var/etc/racoon.conf

    and paste the output (with anonymized IPs) here.



  • Same issues as stated above.

    Dec 3 22:56:03 racoon: ERROR: could not read configuration file "/var/etc/racoon.conf"
    Dec 3 22:56:03 racoon: ERROR: glob found no matches for path "/var/etc/racoon.conf"
    Dec 3 22:56:03 racoon: DEBUG: call pfkey_send_register for IPCOMP
    Dec 3 22:56:03 racoon: DEBUG: call pfkey_send_register for ESP
    Dec 3 22:56:03 racoon: DEBUG: call pfkey_send_register for AH
    Dec 3 22:56:03 racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
    Dec 3 22:56:03 racoon: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
    Dec 3 22:56:03 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)

    I issued the command and this was the output:

    cat: /var/etc/racoon.conf: No such file or directory



  • I got this error when I had multiple identical Phase 2 entries on a single Phase 1 for dynamic-IP site-to-site VPNs. Do you have the same config?



  • Once I created an ipsec configuration entry I was able to get the service to start. I thought I needed the service started before I would be able to configure an entry, but that wasn't the case. Now I just need to figure out how to get a remote Cisco device to talk nice with pfSense. Hopefully it's not too frustrating.

