[Openswan Users] Problems setting up IPSec on RHEL 3

Matthew Claridge mclaridge at rwa-net.co.uk
Tue Aug 3 18:17:16 CEST 2004


Hi,

Hoping someone can help....I've battled through dodgy Red Hat 
documentation and a few bugs to get this far....

I'm trying to set up a LAN-2-LAN vpn from a RHEL 3 box to a Cisco 
router. This ought to work fine.....

My ipsec interface config looks like this:

TYPE=IPSEC
ONBOOT=yes
IKE_METHOD="PSK "
DST=194.73.118.113
SRCNET=172.18.100.0/24
DSTNET=145.224.7.0/24
AH_PROTO="hmac_sha1 "
ESP_PROTO="3des "


(if you're wondering why I've got spaces in some of those, it's to get 
around a bug in racoon - when it generates the x.x.x.x.conf file, it is 
unable to parse the resulting file as it doesn't put spaces before the 
semi-colons at the end of lines! Adding spaces to those parameters gets 
around that problem and it successfully creates a readable file)

My /etc/racoon/racoon.conf file looks like:

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des, blowfish 448, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}
include "/etc/racoon/194.73.118.113.conf";


and /etc/racoon/194.73.118.113.conf looks like:

remote 194.73.118.113
{
        exchange_mode aggressive, main;


which is obviously wrong as there's no closing brace in either file!

When I bring the interface up, I see the following error in the system log:

racoon: ERROR: cftoken.l:474:yyerror(): :0: "" no remote specification 
found: 194.73.118.113[500].
racoon: ERROR: cfparse.y:1375:cfparse(): fatal parse failure (1 errors)

so my question is: is this thing so full of bugs that I should simply 
give up and go home, or am I missing something fundamental and being 
really stupid in the process???

Help????

thanks in advance.
Matt
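
The truncated 194.73.118.113.conf quoted above can be caught before racoon is started. The following is an added example, not part of the original post and not racoon's own parser: a simplified brace-balance check that follows `include` lines and reports any block still open at end of file. The names `unclosed_blocks` and `SAMPLE_FILES` are hypothetical, and treating `#` as a comment marker is an assumption of this sketch.

```python
import re
# Constructed sample: the files as quoted in the post (shortened), keyed by path;
# the dict stands in for the filesystem so the check runs offline.
SAMPLE_FILES = {
    "/etc/racoon/racoon.conf": """\
path pre_shared_key "/etc/racoon/psk.txt";
sainfo anonymous
{
        pfs_group 2;
}
include "/etc/racoon/194.73.118.113.conf";
""",
    "/etc/racoon/194.73.118.113.conf": """\
remote 194.73.118.113
{
        exchange_mode aggressive, main;
""",
}
INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"\s*;')

def unclosed_blocks(files, name, seen=None):
    """Return (file, line, header) for each block left open, following includes."""
    seen = set() if seen is None else seen
    if name in seen or name not in files:
        return []
    seen.add(name)
    problems, stack, header = [], [], None
    for no, raw in enumerate(files[name].splitlines(), 1):
        inc = INCLUDE_RE.match(raw)
        if inc:
            problems += unclosed_blocks(files, inc.group(1), seen)
            continue
        # Ignore quoted strings and # comments so braces inside them don't count.
        text = re.sub(r'"[^"]*"', '""', raw).split("#", 1)[0].strip()
        if text and not text.endswith(";") and text.strip("{} "):
            header = (no, text.rstrip("{ "))  # e.g. "remote 194.73.118.113"
        for ch in text:
            if ch == "{":
                stack.append(header or (no, "{"))
                header = None
            elif ch == "}" and stack:
                stack.pop()
            elif ch == "}":
                problems.append((name, no, "unmatched }"))
    return problems + [(name, no, hdr) for no, hdr in stack]

if __name__ == "__main__":
    for path, no, hdr in unclosed_blocks(SAMPLE_FILES, "/etc/racoon/racoon.conf"):
        print(f"{path}:{no}: block '{hdr}' is never closed")
```

On the sample it flags the `remote` block in the per-peer file and nothing in racoon.conf itself.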
