Dominko Vrljic wrote:
> Does anyone successfully run ipsec in astlinux 0.4.3 or in version
> produced by development environment?
> I always get error:
> racoon: failed to parse configuration file.
> It seams racoon is unable to parse configuration file no matter what is
> in file. E.g.
> Oct 5 17:27:34 pbx daemon.info racoon: INFO: @(#)ipsec-tools 0.6.6
> (http://ipsec-tools.sourceforge.net)
> Oct 5 17:27:34 pbx daemon.info racoon: INFO: @(#)This product linked
> OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/)
> Oct 5 17:27:35 pbx daemon.info racoon: ERROR: /mnt/kd/racoon.conf:3:
> "listen" parse error
> Oct 5 17:27:35 pbx daemon.info racoon: ERROR: fatal parse failure (1
> errors)
> But I have some version of racoon that works well. It is compiled at
> beginning of July and version is 0.6.6. What is changed in meantime?
>
> Dominko
>
Dominko,
It looks like it does not like your listen directive for some reason.
Can you post a sanitized copy of your config file? I have this working
between AstLinux and a Cisco 2811 ISR:
path include "/etc";
path pre_shared_key "/etc/psk.txt";
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
listen
{
isakmp xxx.xxx.xxx.xxx [500];
}
# Specification of default various timer.
timer
{
# These value can be changed per remote node.
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per a send.
# timer for waiting to complete each phase.
phase1 90 sec;
phase2 90 sec;
}
# Remote Office - Main Office VPN
remote xxx.xxx.xxx.xxx {
my_identifier address xxx.xxx.xxx.xxx;
exchange_mode aggressive,main;
initial_contact off;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous
{
pfs_group 2;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
lifetime time 3600 sec;
}
--
Kristian Kielhofner
_______________________________________________
Astlinux-users mailing list
[email protected]
http://lists.kriscompanies.com/mailman/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL
PROTECTED]