Racoon: ERROR: /var/etc/ipsec/racoon.conf:22: "/;" syntax error

Spookje · Nov 22, 2012, 11:44 AM

I'm trying setup a IPSec VPN for mobile clients.

when i try to start recoon it fails which the flowing error:

Nov 22 12:27:29	racoon: ERROR: fatal parse failure (1 errors)
Nov 22 12:27:29	racoon: ERROR: /var/etc/ipsec/racoon.conf:22: "/;" syntax error
Nov 22 12:27:29	racoon: INFO: Resize address pool from 0 to 253
Nov 22 12:27:29	racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Nov 22 12:27:29	racoon: INFO: @(#)This product linked OpenSSL 0.9.8q 2 Dec 2010 (http://www.openssl.org/)
Nov 22 12:27:29	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)

racoon.conf:

# This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";

listen
{
	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
	isakmp 192.168.1.67 [500];
	isakmp_natt 192.168.1.67 [4500];
}

mode_cfg
{
	auth_source external;
	group_source system;
	pool_size 253;
	network4 10.0.253.2;
	netmask4 255.255.255.0;
	split_network include /;
	dns4 10.0.0.1;
	default_domain "***.Lan";
	split_dns "***.Lan";
	pfs_group 14;
	save_passwd on;
}

extcfg { script "/var/etc/ipsec/ipsec.php" }

remote anonymous
{
	ph1id 1;
	exchange_mode base;
	my_identifier fqdn "VPN.***.nl";
	peers_identifier user_fqdn "***@***.nl";
	ike_frag on;
	generate_policy = on;
	initial_contact = off;
	nat_traversal = on;
	certificate_type x509 "cert-1.crt" "cert-1.key";
	ca_type x509 "ca-1.crt";
	dpd_delay = 10;
	dpd_maxfail = 5;
	support_proxy on;
	proposal_check obey;
	passive on;

	proposal
	{
		authentication_method xauth_rsa_server;
		encryption_algorithm blowfish 256;
		hash_algorithm sha512;
		dh_group 14;
		lifetime time 28800 secs;
	}
}

sainfo address 192.168.1.67 any anonymous
{
	remoteid 1;
	encryption_algorithm aes 256, blowfish 256, blowfish 248, blowfish 240, blowfish 232, blowfish 224, blowfish 216, blowfish 208, blowfish 200, blowfish 192, blowfish 184, blowfish 176, blowfish 168, blowfish 160, blowfish 152, blowfish 144, blowfish 136, blowfish 128, cast128;
	authentication_algorithm hmac_sha256,hmac_sha384,hmac_sha512;
	pfs_group 14;
	lifetime time 3600 secs;
	compression_algorithm deflate;
}
```*** is edited (as usual.)"

pfSense version:

Current version: 2.1-BETA0
Built On: Wed Nov 14 15:13:15 EST 2012


when i try to delete line 22 on racoon.conf end try to start recoon it replaces racoon.conf which the old one, end fails again…

Spookje · Nov 25, 2012, 10:12 AM

nobody an idea?

or can i post it on RedMine?

dhatz · Nov 25, 2012, 9:45 PM

Yep, looks like a bug.

The syntax should be like:
split_network include 10.x.y.z/24;

cmb · Nov 26, 2012, 3:17 AM

what do you have set in your phase 2 for mobile clients for local network? It populates that line from that value.

Spookje · Nov 26, 2012, 2:06 PM

my phase 2, nothing configured about networks. (see attachment)

jimp · Nov 26, 2012, 6:48 PM

You can't do transport mode with mobile clients. I'm not sure why it let you select that.

Switch to tunnel mode.

Spookje · Dec 14, 2012, 10:13 AM

Sorry for the late reply, i was out of commission for a bit…

thanks jimp, that did fix it...