Date: Fri, 7 Nov 2003 05:39:16 -0600
From: Doug Poland
To: Matthew Faircliff
Cc: questions@freebsd.org
Subject: Re: racoon configuration syntax errors
Message-ID: <20031107113916.GA91711@polands.org>

On Fri, Nov 07, 2003 at 09:23:21AM +0000, Matthew Faircliff wrote:
> Hello,
>
> It looks as though your sainfo line (99) is incorrect. I assume that
> you blanked out the actual ip with A.A.A.A?
>
Yes, it's obfuscated

> As per the racoon.conf.dist, an sainfo entry should have the
> following syntax:
>
> sainfo address 203.178.141.209 any address 203.178.141.218 any
>
> That is, the security association info for
> 203.178.141.209 (any port) and 203.178.141.218 (any port)
> follows.... You cannot just have one ip address as this does
> not create a 1 to 1 mapping. Should you wish to use those settings
> for a global sa, use:
>
> sainfo anonymous
>
> HTH.
>
I hope so. I'm following the example on:

http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html?page=2

towards the bottom of the page. That example must be erroneous.
I'll give your suggestion a try, thanks!

--
Regards,
Doug

>
> On Thu, Nov 06, 2003 at 01:17:14PM -0600, Doug Poland wrote:
> Date: Thu, 6 Nov 2003 13:17:14 -0600 (CST)
> From: "Doug Poland"
> To: questions@freebsd.org
> Subject: racoon configuration syntax errors
>
> Hello,
>
> I'm trying to set up an IPSEC VPN tunnel between two FreeBSD servers using Dru Lavigne's
> excellent series of articles as a guide.
>
> (http://www.onlamp.com/pub/a/bsd/2003/01/09/FreeBSD_Basics.html)
>
> Unfortunately, I'm having a problem getting racoon to run because of an alleged syntax
> error in my racoon.conf. I've tried many variations, googled the lists, and looked at
> numerous on-line HOW-TO's but to no avail.
>
> The error message I'm getting from racoon is this:
>
> 2003-11-06 13:13:14: ERROR: cftoken.l:494:yyerror(): racoon.conf:99: "A.A.A.A" syntax error
> 2003-11-06 13:13:14: ERROR: cfparse.y:1397:cfparse(): fatal parse failure (1 errors)
> racoon: failed to parse configuration file.
>
> Here's the area around line 99 of my racoon.conf: (The line numbers are not actually in
> the racoon.conf file)
>
> 98
> 99 sainfo A.A.A.A
> 100 {
> 101 pfs_group 5;
> 102 lifetime time 24 hour;
> 103 encryption_algorithm blowfish ;
> 104 authentication_algorithm hmac_sha1;
> 105 compression_algorithm deflate ;
> 106 }
> 107
>
> Could someone shed some light on this please? Many thanks in advance.
>
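
Added example, not part of the original messages: the block from line 99 rewritten in the two forms Matthew's reply describes. A.A.A.A is the poster's obfuscated address; B.B.B.B is a placeholder assumed here for the other end's address.

```conf
# Form 1: explicit pair. "sainfo" is followed by a source ID and a
# destination ID, each written as "address <ip> any".
# B.B.B.B is a placeholder (assumption), not a value from the thread.
sainfo address A.A.A.A any address B.B.B.B any
{
        pfs_group 5;
        lifetime time 24 hour;
        encryption_algorithm blowfish ;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}

# Form 2: global entry. "anonymous" replaces both IDs, so the same
# phase 2 settings are offered to any peer that has no specific
# sainfo entry of its own.
sainfo anonymous
{
        pfs_group 5;
        lifetime time 24 hour;
        encryption_algorithm blowfish ;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}
```

Form 1 limits these algorithms and lifetimes to one ID pair; Form 2 applies them to every negotiation that falls through to it, so prefer the explicit pair when the peer is known.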