[Openswan Users] Problems setting up IPSec on RHEL 3

Matthew Claridge mclaridge at rwa-net.co.uk
Tue Aug 3 18:17:16 CEST 2004


Hoping someone can help....I've battled through dodgy Red Hat 
documentation and a few bugs to get this far....

I'm trying to set up a LAN-2-LAN vpn from a RHEL 3 box to a Cisco 
router. This ought to work fine.....

My ipsec interface config looks like this:

AH_PROTO="hmac_sha1 "
ESP_PROTO="3des "

(if you're wondering why I've got spaces in some of those, its to get 
around a bug in racoon - when it generates the x.x.x.x.conf file, it is 
unable to parse the resulting file as it doesn't put spaces before the 
semi-colons at the end of lines! Adding spaces to those parameters gets 
around that problem and it successfully creates a readable file)

My /etc/racoon/racoon.conf file looks like:

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

sainfo anonymous
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des, blowfish 448, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
include "/etc/racoon/";

and /etc/racoon/ looks like:

        exchange_mode aggressive, main;

which is obviously wrong as there's no closing brace in either file!

When I bring the interface up, I see the following error in the system log:

racoon: ERROR: cftoken.l:474:yyerror(): :0: "" no remote specification 
racoon: ERROR: cfparse.y:1375:cfparse(): fatal parse failure (1 errors)

so my question is: is this thing so full of bugs that I should simply 
give up and go home, or am I missing something fundamental and being 
really stupid in the process???


thanks in advance.

More information about the Users mailing list