Date:      Fri, 7 Nov 2003 09:23:21 +0000
From:      Matthew Faircliff <matt@databias.co.za>
To:        Doug Poland <doug@polands.org>
Cc:        questions@freebsd.org
Subject:   Re: racoon configuration syntax errors
Message-ID:  <20031107092321.GC652@databias.co.za>
In-Reply-To: <3253.69.48.112.158.1068146234.squirrel@email.polands.org>
References:  <3253.69.48.112.158.1068146234.squirrel@email.polands.org>

Hello,

It looks as though your sainfo line (99) is incorrect. I assume that you blanked out the actual IP with A.A.A.A?

As per the racoon.conf.dist, an sainfo entry should have the following syntax:

sainfo address 203.178.141.209 any address 203.178.141.218 any

That is, the security association info for 203.178.141.209 (any port) and 203.178.141.218 (any port) follows....

You cannot just have one IP address as this does not create a 1 to 1 mapping.

Should you wish to use those settings for a global sa, use:

sainfo anonymous 

HTH.

Matt.


On Thu, Nov 06, 2003 at 01:17:14PM -0600, Doug Poland wrote:
Date: Thu, 6 Nov 2003 13:17:14 -0600 (CST)
From: "Doug Poland" <doug@polands.org>
To: questions@freebsd.org
Subject: racoon configuration syntax errors

Hello,

I'm trying to set up an IPSEC VPN tunnel between two FreeBSD servers using Dru Lavigne's
excellent series of articles as a guide.

(http://www.onlamp.com/pub/a/bsd/2003/01/09/FreeBSD_Basics.html)

Unfortunately, I'm having a problem getting racoon to run because of an alleged syntax
error in my racoon.conf.  I've tried many variations, googled the lists, and looked at
numerous on-line HOW-TO's but to no avail.

The error message I'm getting from racoon is this:

2003-11-06 13:13:14: ERROR: cftoken.l:494:yyerror(): racoon.conf:99: "A.A.A.A" syntax error
2003-11-06 13:13:14: ERROR: cfparse.y:1397:cfparse(): fatal parse failure (1 errors)
racoon: failed to parse configuration file.

Here's the area around line 99 of my racoon.conf:  (The line numbers are not actually in
the racoon.conf file)

    98
    99 sainfo A.A.A.A
    100 {
    101         pfs_group 5;
    102         lifetime time 24 hour;
    103         encryption_algorithm blowfish ;
    104         authentication_algorithm hmac_sha1;
    105         compression_algorithm deflate ;
    106 }
    107

Could someone shed some light on this please?  Many thanks in advance.

-- 
Regards,
Doug
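
The fix from the reply applied to the block from the original message, as an added example that is not part of the thread. B.B.B.B is a placeholder for the peer's address, which does not appear in the thread; the statements inside the braces are unchanged from the posted block.

```conf
# Form 1: sainfo for one specific pair of endpoints.
# Two identifiers are required, each written as "address <ip> <proto>".
# A.A.A.A is the masked address from the post; B.B.B.B is a placeholder
# for the other end of the tunnel.
sainfo address A.A.A.A any address B.B.B.B any
{
        pfs_group 5;
        lifetime time 24 hour;
        encryption_algorithm blowfish ;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}

# Form 2 (alternative): the same settings as a global sainfo that is not
# tied to any address pair.
sainfo anonymous
{
        pfs_group 5;
        lifetime time 24 hour;
        encryption_algorithm blowfish ;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}
```

The `sainfo anonymous` form accepts these phase 2 parameters for any peer that completes phase 1, so the address-pair form is the narrower choice when the tunnel has a single known peer.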

