Netgate Discussion Forum

    Racoon: ERROR: /var/etc/ipsec/racoon.conf:14: "e" syntax error

    • S
      sarics
      last edited by

      Hi All,

      This is my first time here. I've done a lot of googling and searching for a solution before posting this here.

      Today, we restarted the racoon service on our pfSense box (2.1-RELEASE (amd64), built on Wed Sep 11 18:17:48 EDT 2013 FreeBSD 8.3-RELEASE-p11). The only thing that has changed since the last restart was an OpenVPN install, but I've tried to disable it, and the result was the same. It was only a try, but it's not starting again, and we can only see this message in our logs:

      
      Dec 6 15:12:14	racoon: ERROR: fatal parse failure (1 errors)
      Dec 6 15:12:14	racoon: ERROR: /var/etc/ipsec/racoon.conf:14: "e" syntax error
      Dec 6 15:12:14	racoon: WARNING: /var/etc/ipsec/racoon.conf:9: "0660" admin port support not compiled in
      Dec 6 15:12:14	racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
      Dec 6 15:12:14	racoon: INFO: @(#)This product linked OpenSSL 0.9.8y 5 Feb 2013 (http://www.openssl.org/)
      Dec 6 15:12:14	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
      
      

      I don't know what went wrong. I've reloaded our config backup, but the results are the same. Here is the racoon.conf:

      
      # This file is automatically generated. Do not edit
      path pre_shared_key "/var/etc/ipsec/psk.txt";
      
      path certificate  "/var/etc/ipsec";
      
      listen
      {
      	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
      	isakmp XXX.XXX.XXX.XXX [500];
      	isakmp_natt XXX.XXX.XXX.XXX [4500];
      }
      
      extcfg { script "/var/etc/ipsec/ipsec.php" }
      
      remote XXX.XXX.XXX.XXX
      {
      	ph1id 1;
      	exchange_mode aggressive;
      	my_identifier address XXX.XXX.XXX.XXX;
      	peers_identifier address XXX.XXX.XXX.XXX;
      	ike_frag on;
      	generate_policy = off;
      	initial_contact = on;
      	nat_traversal = on;
      
      	dpd_delay = 10;
      	dpd_maxfail = 5;
      	support_proxy on;
      	proposal_check strict;
      
      	proposal
      	{
      		authentication_method pre_shared_key;
      		encryption_algorithm aes 256;
      		hash_algorithm sha1;
      		dh_group 2;
      		lifetime time 86400 secs;
      	}
      }
      
      sainfo subnet 192.168.200.0/24 any subnet 192.168.17.0/24 any
      {
      	remoteid 1;
      	encryption_algorithm aes 256;
      	authentication_algorithm hmac_sha1;
      	pfs_group 2;
      	lifetime time 28800 secs;
      	compression_algorithm deflate;
      }
      
      

      Please help me :-)

      • S
        sarics
        last edited by

        When I try to submit any command from cli, the following are the results:

        
        [2.1-RELEASE][root@domain.com]/var/etc/ipsec(34): racoonctl show-event
        send: Bad file descriptor
        
        
        • S
          sarics
          last edited by

          I've made changes in the /etc/inc/vpn.inc, commented out the generation of extcfg - and the tunnel is up again.

          
          //$racoonconf .= "extcfg { script \"{$g['varetc_path']}/ipsec/ipsec.php\" }\n";
          
          

          What the hell was that, and where did this problem come from?

          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Dec 6 15:12:14	racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
            

            pfSense 2.1 uses IPsec tools 0.8.1, not 0.8.0. Somehow you are not running 2.1 binaries, but you have 2.1 PHP code.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!
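
Added example, not part of the original thread or of pfSense: a small sh diagnostic for the check described in the reply above, comparing the ipsec-tools version in racoon's startup banner with the version the installed release should ship, and listing the config location the parser rejected. The function names are hypothetical, the sample log lines are taken from the first post, and the expected version 0.8.1 is the one the reply states for pfSense 2.1.

```shell
#!/bin/sh
# Added example: detect a racoon binary / generated-config version mismatch
# from the startup log. Function names are hypothetical.

# Log lines from the first post (newest first, as the GUI log view shows them).
sample_log() {
cat <<'EOF'
Dec 6 15:12:14 racoon: ERROR: fatal parse failure (1 errors)
Dec 6 15:12:14 racoon: ERROR: /var/etc/ipsec/racoon.conf:14: "e" syntax error
Dec 6 15:12:14 racoon: INFO: Reading configuration from "/var/etc/ipsec/racoon.conf"
Dec 6 15:12:14 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
EOF
}

# Print the ipsec-tools version from the first startup banner found on stdin.
banner_version() {
    sed -n 's/.*racoon: INFO: @(#)ipsec-tools \([0-9][0-9.]*\) .*/\1/p' | head -n 1
}

# Print "file:line" for every racoon syntax error found on stdin.
parse_error_locations() {
    sed -n 's|.*racoon: ERROR: \(/[^:]*:[0-9][0-9]*\): .*syntax error.*|\1|p'
}

# Usage: check_mismatch EXPECTED_VERSION < logfile
# Returns 0 if the banner matches, 1 on mismatch, 2 if no banner was logged.
check_mismatch() {
    expected=$1
    log=$(cat)
    running=$(printf '%s\n' "$log" | banner_version)
    if [ -z "$running" ]; then
        echo "no ipsec-tools banner in log"
        return 2
    fi
    if [ "$running" != "$expected" ]; then
        echo "racoon binary reports ipsec-tools $running, expected $expected"
        printf '%s\n' "$log" | parse_error_locations | sed 's/^/rejected config at /'
        return 1
    fi
    echo "racoon binary matches expected ipsec-tools $expected"
}

# Run against the sample; a mismatch is expected here, so do not abort on it.
sample_log | check_mismatch 0.8.1 || true
```

On a live system, feed the function the racoon lines from the system log instead of `sample_log`.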

            • S
              sarics
              last edited by

              @jimp:

              pfSense 2.1 uses IPsec tools 0.8.1, not 0.8.0. Somehow you are not running 2.1 binaries, but you have 2.1 PHP code.

              Sorry for the late answer, but how is it possible, if I didn't touch the command line until this issue? As I wrote earlier, I just implemented a new OpenVPN server through a wizard on the web interface, added 2 packages (sudo, and OpenVPN Client Export Wizard), and nothing else.

              Is it a solution if I downgrade the package to 0.8.0 somehow? Could you please help me do this, because the reason why we chose pfSense was the webconfigurator - no one understands FreeBSD.

              Thank you in advance

              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Packages would not touch that. There aren't any that would replace the racoon binaries.

                The safest way forward would be to backup your config, wipe/reinstall 2.1, and then restore your backup.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.