Date: Fri, 7 Nov 2003 05:39:16 -0600
From: Doug Poland <doug@polands.org>
To: Matthew Faircliff <matt@databias.co.za>
Cc: questions@freebsd.org
Subject: Re: racoon configuration syntax errors
Message-ID: <20031107113916.GA91711@polands.org>
In-Reply-To: <20031107092321.GC652@databias.co.za>
References: <3253.69.48.112.158.1068146234.squirrel@email.polands.org> <20031107092321.GC652@databias.co.za>

On Fri, Nov 07, 2003 at 09:23:21AM +0000, Matthew Faircliff wrote:
> Hello,
>
> It looks as though your sainfo line (99) is incorrect. I assume that
> you blanked out the actual ip with A.A.A.A?
>
Yes, it's obfuscated

> As per the racoon.conf.dist, an sainfo entry should have the
> following syntax:
>
>     sainfo address 203.178.141.209 any address 203.178.141.218 any
>
> That is, the security association info for
> 203.178.141.209 (any port) and 203.178.141.218 (any port)
> follows.... You cannot just have one ip address as this does
> not create a 1 to 1 mapping. Should you wish to use those settings
> for a global sa, use:
>
>     sainfo anonymous
>
> HTH.
>
I hope so. I'm following the example on:

http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html?page=2

towards the bottom of the page. That example must be erroneous.
I'll give your suggestion a try, thanks!

--
Regards,
Doug

>
> On Thu, Nov 06, 2003 at 01:17:14PM -0600, Doug Poland wrote:
> Date: Thu, 6 Nov 2003 13:17:14 -0600 (CST)
> From: "Doug Poland" <doug@polands.org>
> To: questions@freebsd.org
> Subject: racoon configuration syntax errors
>
> Hello,
>
> I'm trying to set up an IPSEC VPN tunnel between two FreeBSD servers using Dru Lavigne's
> excellent series of articles as a guide.
>
> (http://www.onlamp.com/pub/a/bsd/2003/01/09/FreeBSD_Basics.html)
>
> Unfortunately, I'm having a problem getting racoon to run because of an alleged syntax
> error in my racoon.conf. I've tried many variations, googled the lists, and looked at
> numerous on-line HOW-TO's but to no avail.
>
> The error message I'm getting from racoon is this:
>
> 2003-11-06 13:13:14: ERROR: cftoken.l:494:yyerror(): racoon.conf:99: "A.A.A.A" syntax error
> 2003-11-06 13:13:14: ERROR: cfparse.y:1397:cfparse(): fatal parse failure (1 errors)
> racoon: failed to parse configuration file.
>
> Here's the area around line 99 of my racoon.conf: (The line numbers are not actually in
> the racoon.conf file)
>
>  98
>  99 sainfo A.A.A.A
> 100 {
> 101     pfs_group 5;
> 102     lifetime time 24 hour;
> 103     encryption_algorithm blowfish ;
> 104     authentication_algorithm hmac_sha1;
> 105     compression_algorithm deflate ;
> 106 }
> 107
>
> Could someone shed some light on this please? Many thanks in advance.
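
A pre-flight check for the sainfo mistake discussed in this thread, added here as an illustration; it is not part of the original messages or of racoon. It assumes a simplified grammar covering only the two forms named in the thread (`sainfo anonymous` and an `address ... address ...` pair); `check_sainfo`, `_is_address` and `SAMPLE_CONF` are hypothetical names and the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed sample: the failing form from the thread plus the two accepted forms.
SAMPLE_CONF = """\
sainfo A.A.A.A
{
        pfs_group 5;
}
sainfo address 203.178.141.209 any address 203.178.141.218 any
{
        pfs_group 5;
}
sainfo anonymous
{
        pfs_group 5;
}
"""

def _is_address(token):
    """True if token is an IP address, optionally with /prefix or a [port] suffix."""
    token = re.sub(r"\[\w+\]$", "", token)
    try:
        ipaddress.ip_interface(token)
        return True
    except ValueError:
        return False

def check_sainfo(conf_text):
    """Return [(line_no, message)] for sainfo lines outside the two forms in the thread."""
    problems = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip().rstrip("{").strip()
        if not re.match(r"sainfo\b", line):
            continue
        args = line.split()[1:]
        if args == ["anonymous"]:
            continue
        # Assumed simplified form: address <ip> <ul_proto> address <ip> <ul_proto>
        ok = (len(args) == 6
              and args[0] == "address" and args[3] == "address"
              and _is_address(args[1]) and _is_address(args[4]))
        if not ok:
            problems.append((line_no, "sainfo needs 'anonymous' or a source/destination pair: " + raw.strip()))
    return problems

if __name__ == "__main__":
    for line_no, message in check_sainfo(SAMPLE_CONF):
        print(f"racoon.conf:{line_no}: {message}")
```

Other identifier types that racoon.conf accepts (for example `subnet`) are outside this simplified check and would be reported as problems.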