racoon configuration syntax errors
Doug Poland
doug at polands.org
Fri Nov 7 03:40:18 PST 2003
On Fri, Nov 07, 2003 at 09:23:21AM +0000, Matthew Faircliff wrote:
> Hello,
>
> It looks as though your sainfo line (99) is incorrect. I assume that
> you blanked out the actual ip with A.A.A.A?
>
Yes, it's obfuscated.
> As per the racoon.conf.dist, an sainfo entry should have the
> following syntax:
>
>     sainfo address 203.178.141.209 any address 203.178.141.218 any
>
> That is, the security association info for
> 203.178.141.209 (any port) and 203.178.141.218 (any port)
> follows.... You cannot just have one IP address as this does
> not create a 1 to 1 mapping. Should you wish to use those settings
> for a global SA, use:
>
>     sainfo anonymous
>
> HTH.
>
I hope so. I'm following the example on:
http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html?page=2
towards the bottom of the page. That example must be erroneous.
I'll give your suggestion a try, thanks!
--
Regards,
Doug
>
> On Thu, Nov 06, 2003 at 01:17:14PM -0600, Doug Poland wrote:
> Date: Thu, 6 Nov 2003 13:17:14 -0600 (CST)
> From: "Doug Poland" <doug at polands.org>
> To: questions at freebsd.org
> Subject: racoon configuration syntax errors
>
> Hello,
>
> I'm trying to set up an IPSEC VPN tunnel between two FreeBSD servers using Dru Lavigne's
> excellent series of articles as a guide.
>
> (http://www.onlamp.com/pub/a/bsd/2003/01/09/FreeBSD_Basics.html)
>
> Unfortunately, I'm having a problem getting racoon to run because of an alleged syntax
> error in my racoon.conf. I've tried many variations, googled the lists, and looked at
> numerous on-line HOW-TO's but to no avail.
>
> The error message I'm getting from racoon is this:
>
> 2003-11-06 13:13:14: ERROR: cftoken.l:494:yyerror(): racoon.conf:99: "A.A.A.A" syntax error
> 2003-11-06 13:13:14: ERROR: cfparse.y:1397:cfparse(): fatal parse failure (1 errors)
> racoon: failed to parse configuration file.
>
> Here's the area around line 99 of my racoon.conf: (The line numbers are not actually in
> the racoon.conf file)
>
> 98
> 99 sainfo A.A.A.A
> 100 {
> 101 pfs_group 5;
> 102 lifetime time 24 hour;
> 103 encryption_algorithm blowfish ;
> 104 authentication_algorithm hmac_sha1;
> 105 compression_algorithm deflate ;
> 106 }
> 107
>
> Could someone shed some light on this please? Many thanks in advance.
>
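An added example, not part of the original thread and not racoon's own parser: a pre-flight check that flags `sainfo` headers matching neither of the two forms named in the reply above. It assumes only those two forms are in use (other selector syntax racoon may accept is reported as unrecognised); the function names and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: the rejected header from the thread, followed by the
# two forms the reply recommends.
SAMPLE = """\
sainfo A.A.A.A
{
    pfs_group 5;
}
sainfo address 203.178.141.209 any address 203.178.141.218 any
{
    pfs_group 5;
}
sainfo anonymous {
    pfs_group 5;
}
"""

def _is_ip(token):
    """True for an IPv4/IPv6 address, optionally with a /prefix."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def sainfo_problem(header):
    """Return None if the header is one of the two accepted forms, else a reason."""
    toks = header.replace("{", " ").split()
    if toks[1:] == ["anonymous"]:
        return None
    # Paired form: sainfo address <src> <field> address <dst> <field>
    if len(toks) != 7 or toks[1] != "address" or toks[4] != "address":
        return "expected 'sainfo anonymous' or 'sainfo address SRC any address DST any'"
    for tok in (toks[2], toks[5]):
        if not _is_ip(tok):
            return f"{tok!r} is not an IP address"
    return None

def lint(conf_text):
    """Return [(line_number, reason)] for every suspect sainfo header."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # ignore '#' comments
        if line.split()[:1] == ["sainfo"]:
            reason = sainfo_problem(line)
            if reason:
                findings.append((lineno, reason))
    return findings
```

Running `lint()` over the file text before starting racoon reports the line number of each suspect header.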