From: Mike J. <mja...@mo...> - 2007-11-29 00:30:30
|
Hello, I'm attemtping to establish a vpn tunnel between a linux machine(my side) and a cisco vpn concentrator(remote side). The remote side admin has his side configured for lifetime bytes, and is unable to remove this config option. When I enable lifetime bytes on my side, I get the following error: ERROR: /etc/racoon/racoon.conf:50: "KB" byte lifetime support is deprecated The error results in racoon failing to start. I'm using ipsec-tools 0.6.6. I noticed the 0.7 change log states the following: src/racoon/handler.c: ignore obsolete lifebyte when validating reloaded configuration Does this mean that "lifetime bytes" config option is ignored, or that having "lifetime bytes" configured will not result in a failure to start the app? Or, are the two not even related? If so, is there an alternative config option we can use for "lifetime bytes?" Forgive me if this topic has already been addressed. -- Mike |
From: Giulio F. <au...@zi...> - 2007-11-29 13:43:56
|
Mike Jaquays wrote: > Hello, > > I'm attemtping to establish a vpn tunnel between a linux machine(my > side) and a cisco vpn concentrator(remote side). The remote side admin > has his side configured for lifetime bytes, and is unable to remove this > config option. When I enable lifetime bytes on my side, I get the > following error: > > ERROR: /etc/racoon/racoon.conf:50: "KB" byte lifetime support is deprecated > > The error results in racoon failing to start. I'm using ipsec-tools > 0.6.6. I noticed the 0.7 change log states the following: > > src/racoon/handler.c: ignore obsolete lifebyte when validating > reloaded configuration > > Does this mean that "lifetime bytes" config option is ignored, or that > having "lifetime bytes" configured will not result in a failure to start > the app? Or, are the two not even related? If so, is there an > alternative config option we can use for "lifetime bytes?" > > Forgive me if this topic has already been addressed. > I cannot help you with this issue, but I just wanted to ask you if you were able to interoperate with a cisco. I haven't been able to make it work, and nobody here could help me. If you have a working configuration for racoon please share... :-) |
From: VANHULLEBUS Y. <va...@fr...> - 2007-11-29 14:07:35
|
On Wed, Nov 28, 2007 at 06:30:33PM -0600, Mike Jaquays wrote: > Hello, Hi. > I'm attemtping to establish a vpn tunnel between a linux machine(my > side) and a cisco vpn concentrator(remote side). The remote side admin > has his side configured for lifetime bytes, and is unable to remove this > config option. When I enable lifetime bytes on my side, I get the > following error: > > ERROR: /etc/racoon/racoon.conf:50: "KB" byte lifetime support is deprecated > > The error results in racoon failing to start. I'm using ipsec-tools > 0.6.6. I noticed the 0.7 change log states the following: > > src/racoon/handler.c: ignore obsolete lifebyte when validating > reloaded configuration > > Does this mean that "lifetime bytes" config option is ignored, or that > having "lifetime bytes" configured will not result in a failure to start > the app? Or, are the two not even related? If so, is there an > alternative config option we can use for "lifetime bytes?" Actually, this will make racoon consider the configuration file as broken, so racoon won't start correctly. We could consider adding a --enable-lifebyte option in configure, and it wouldn't be too difficult to do that as most of the code needed to support lifebytes seems to still be there and just #ifdef 0. But remember that such support has been disabled because it basically sucks, and generates lots of probems. Yvan. |