racoon configuration syntax errors

Matthew Faircliff matt at databias.co.za
Thu Nov 6 23:23:31 PST 2003 

Hello,

It looks as though your sainfo line (99) is incorrect. I assume that you blanked out the actual ip with A.A.A.A?

As per the racoon.conf.dist, an sainfo entry should have the following syntax:

sainfo address 203.178.141.209 any address 203.178.141.218 any

That is, the security association info for 203.178.141.209 (any port) and 203.178.141.218 (any port) follows....

You cannot just have one ip address as this does not create a 1 to 1 mapping.

Should you wish to use those settings for a global sa, use:

sainfo anonymous 

HTH.

Matt.


On Thu, Nov 06, 2003 at 01:17:14PM -0600, Doug Poland wrote:
Date: Thu, 6 Nov 2003 13:17:14 -0600 (CST)
From: "Doug Poland" <doug at polands.org>
To: questions at freebsd.org
Subject: racoon configuration syntax errors

Hello,

I'm trying to set up an IPSEC VPN tunnel between two FreeBSD servers using Dru Lavigne's
excellent series of articles as a guide.

(http://www.onlamp.com/pub/a/bsd/2003/01/09/FreeBSD_Basics.html)

Unfortunately, I'm having a problem getting racoon to run because of an alleged syntax
error in my racoon.conf.  I've tried many variations, googled the lists, and looked at
numerous on-line HOW-TO's but to no avail.

The error message I'm getting from racoon is this:

2003-11-06 13:13:14: ERROR: cftoken.l:494:yyerror(): racoon.conf:99: "A.A.A.A" syntax error
2003-11-06 13:13:14: ERROR: cfparse.y:1397:cfparse(): fatal parse failure (1 errors)
racoon: failed to parse configuration file.

Here's the area around line 99 of my racoon.conf:  (The line numbers are not actually in
the racoon.conf file)

    98
    99 sainfo A.A.A.A
    100 {
    101         pfs_group 5;
    102         lifetime time 24 hour;
    103         encryption_algorithm blowfish ;
    104         authentication_algorithm hmac_sha1;
    105         compression_algorithm deflate ;
    106 }
    107

Could someone shed some light on this please?  Many thanks in advance.

-- 
Regards,
Doug


_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list