racoon configuration syntax errors
Matthew Faircliff
matt at databias.co.za
Thu Nov 6 23:23:31 PST 2003
Hello,
It looks as though your sainfo line (99) is incorrect. I assume that you blanked out the actual ip with A.A.A.A?
As per the racoon.conf.dist, an sainfo entry should have the following syntax:
sainfo address 203.178.141.209 any address 203.178.141.218 any
That is, the security association info for 203.178.141.209 (any port) and 203.178.141.218 (any port) follows....
You cannot just have one ip address as this does not create a 1 to 1 mapping.
Should you wish to use those settings for a global sa, use:
sainfo anonymous
HTH.
Matt.
On Thu, Nov 06, 2003 at 01:17:14PM -0600, Doug Poland wrote:
Date: Thu, 6 Nov 2003 13:17:14 -0600 (CST)
From: "Doug Poland" <doug at polands.org>
To: questions at freebsd.org
Subject: racoon configuration syntax errors
Hello,
I'm trying to set up an IPSEC VPN tunnel between two FreeBSD servers using Dru Lavigne's
excellent series of articles as a guide.
(http://www.onlamp.com/pub/a/bsd/2003/01/09/FreeBSD_Basics.html)
Unfortunately, I'm having a problem getting racoon to run because of an alleged syntax
error in my racoon.conf. I've tried many variations, googled the lists, and looked at
numerous on-line HOW-TO's but to no avail.
The error message I'm getting from racoon is this:
2003-11-06 13:13:14: ERROR: cftoken.l:494:yyerror(): racoon.conf:99: "A.A.A.A" syntax error
2003-11-06 13:13:14: ERROR: cfparse.y:1397:cfparse(): fatal parse failure (1 errors)
racoon: failed to parse configuration file.
Here's the area around line 99 of my racoon.conf: (The line numbers are not actually in
the racoon.conf file)
98
99 sainfo A.A.A.A
100 {
101 pfs_group 5;
102 lifetime time 24 hour;
103 encryption_algorithm blowfish ;
104 authentication_algorithm hmac_sha1;
105 compression_algorithm deflate ;
106 }
107
Could someone shed some light on this please? Many thanks in advance.
--
Regards,
Doug
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list