Re: [Astlinux-users] ipsec

Kristian Kielhofner Fri, 06 Oct 2006 07:41:06 -0700

Dominko Vrljic wrote:
> Does anyone successfully run ipsec in astlinux 0.4.3 or in version 
> produced by development environment?
> I always get error:
> racoon: failed to parse configuration file.
> It seams racoon is unable to parse configuration file no matter what is 
> in file. E.g.
> Oct  5 17:27:34 pbx daemon.info racoon: INFO: @(#)ipsec-tools 0.6.6 
> (http://ipsec-tools.sourceforge.net)
> Oct  5 17:27:34 pbx daemon.info racoon: INFO: @(#)This product linked 
> OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/)
> Oct  5 17:27:35 pbx daemon.info racoon: ERROR: /mnt/kd/racoon.conf:3: 
> "listen" parse error
> Oct  5 17:27:35 pbx daemon.info racoon: ERROR: fatal parse failure (1 
> errors)
> But I have some version of racoon that works well. It is compiled at 
> beginning of July and version is 0.6.6. What is changed in meantime?
> 
> Dominko
>


Dominko,

        It looks like it does not like your listen directive for some reason. 
Can you post a sanitized copy of your config file?  I have this working 
between AstLinux and a Cisco 2811 ISR:

path include "/etc";
path pre_shared_key "/etc/psk.txt";
padding
{
     maximum_length 20;    # maximum padding length.
     randomize off;        # enable randomize length.
     strict_check off;    # enable strict check.
     exclusive_tail off;    # extract last one octet.
}
listen
{
     isakmp xxx.xxx.xxx.xxx [500];
}
# Specification of default various timer.
timer
{
     # These value can be changed per remote node.
     counter 5;        # maximum trying count to send.
     interval 20 sec;    # maximum interval to resend.
     persend 1;        # the number of packets per a send.

     # timer for waiting to complete each phase.
     phase1 90 sec;
     phase2 90 sec;

}
# Remote Office - Main Office VPN
remote xxx.xxx.xxx.xxx {
         my_identifier address xxx.xxx.xxx.xxx;
         exchange_mode aggressive,main;
         initial_contact off;
         proposal {
                 encryption_algorithm 3des;
                 hash_algorithm sha1;
                 authentication_method pre_shared_key;
                 dh_group 2;
         }
}
sainfo anonymous
{
         pfs_group 2;
         encryption_algorithm 3des;
         authentication_algorithm hmac_sha1;
         compression_algorithm deflate;
         lifetime time 3600 sec;

}


--
Kristian Kielhofner
_______________________________________________
Astlinux-users mailing list
[email protected]
http://lists.kriscompanies.com/mailman/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to [EMAIL 
PROTECTED]

Re: [Astlinux-users] ipsec

Reply via email to