racoon configuration syntax errors

Doug Poland doug at polands.org
Fri Nov 7 03:40:18 PST 2003


On Fri, Nov 07, 2003 at 09:23:21AM +0000, Matthew Faircliff wrote:
> Hello,
> 
> It looks as though your sainfo line (99) is incorrect. I assume that
> you blanked out the actual ip with A.A.A.A?
> 
Yes, it's obfuscated

> As per the racoon.conf.dist, an sainfo entry should have the
> following syntax:
>
>     sainfo address 203.178.141.209 any address 203.178.141.218 any
>
> That is, the security association info for
> 203.178.141.209 (any port) and 203.178.141.218 (any port)
> follows....  You cannot just have one IP address as this does
> not create a 1 to 1 mapping.  Should you wish to use those settings
> for a global sa, use:
>
>     sainfo anonymous
> 
> HTH.
> 
I hope so. I'm following the example on: 

  http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html?page=2

towards the bottom of the page.  That example must be erroneous.
I'll give your suggestion a try, thanks!

-- 
Regards,
Doug


> 
> On Thu, Nov 06, 2003 at 01:17:14PM -0600, Doug Poland wrote:
> Date: Thu, 6 Nov 2003 13:17:14 -0600 (CST)
> From: "Doug Poland" <doug at polands.org>
> To: questions at freebsd.org
> Subject: racoon configuration syntax errors
> 
> Hello,
> 
> I'm trying to set up an IPSEC VPN tunnel between two FreeBSD servers using Dru Lavigne's
> excellent series of articles as a guide.
> 
> (http://www.onlamp.com/pub/a/bsd/2003/01/09/FreeBSD_Basics.html)
> 
> Unfortunately, I'm having a problem getting racoon to run because of an alleged syntax
> error in my racoon.conf.  I've tried many variations, googled the lists, and looked at
> numerous on-line HOW-TO's but to no avail.
> 
> The error message I'm getting from racoon is this:
> 
> 2003-11-06 13:13:14: ERROR: cftoken.l:494:yyerror(): racoon.conf:99: "A.A.A.A" syntax error
> 2003-11-06 13:13:14: ERROR: cfparse.y:1397:cfparse(): fatal parse failure (1 errors)
> racoon: failed to parse configuration file.
> 
> Here's the area around line 99 of my racoon.conf:  (The line numbers are not actually in
> the racoon.conf file)
> 
>     98
>     99 sainfo A.A.A.A
>     100 {
>     101         pfs_group 5;
>     102         lifetime time 24 hour;
>     103         encryption_algorithm blowfish ;
>     104         authentication_algorithm hmac_sha1;
>     105         compression_algorithm deflate ;
>     106 }
>     107
> 
> Could someone shed some light on this please?  Many thanks in advance.
> 
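
A pre-flight check for the mistake discussed in this thread, as an added example that is not part of the original messages and is not racoon's own parser. It recognises only the two `sainfo` forms named in the reply (`anonymous`, and a source plus destination `address` pair); the function name and the sample text are constructed for illustration.

```python
# Constructed sample: the header from the post, then the two forms from the reply.
SAMPLE = """\
sainfo A.A.A.A
{
        pfs_group 5;
        lifetime time 24 hour;
}
sainfo address 203.178.141.209 any address 203.178.141.218 any
{
        pfs_group 5;
}
sainfo anonymous
{
        pfs_group 5;
}
"""


def check_sainfo(text):
    """Return [(line_no, message)] for sainfo headers matching neither known form."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop '#' comments and a brace that shares the header line.
        tokens = raw.split("#", 1)[0].replace("{", " ").split()
        if not tokens or tokens[0] != "sainfo":
            continue
        args = tokens[1:]
        if args == ["anonymous"]:
            continue
        if not args or args[0] != "address":
            findings.append((no, "expected 'anonymous' or 'address ...' after "
                                 "sainfo, got %r" % " ".join(args)))
            continue
        # Split the arguments into one group per 'address' keyword.
        starts = [i for i, tok in enumerate(args) if tok == "address"]
        groups = [args[a:b] for a, b in zip(starts, starts[1:] + [len(args)])]
        if len(groups) != 2:
            findings.append((no, "need two 'address' identifiers (source and "
                                 "destination), found %d" % len(groups)))
        elif any(len(g) < 3 for g in groups):
            findings.append((no, "each identifier needs an address and a "
                                 "trailing token such as 'any'"))
    return findings


if __name__ == "__main__":
    for line_no, message in check_sainfo(SAMPLE):
        print("line %d: %s" % (line_no, message))
```

Run against the sample, only the bare `sainfo A.A.A.A` header is reported; any identifier type outside the two forms above is reported the same way, so a finding means "not one of the forms this check knows", not necessarily that racoon would reject it.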

