[Ipsec-tools-users] dnssec error
From: Claude T. <cla...@ie...> - 2009-03-04 13:44:40
Hello,

I'm trying to set up my racoon to read certificates from DNS. Therefore I put "peers_certfile dnssec;" into my racoon.conf. Now I get the following error:

    [root@nhrpserver ~]# racoon -Fdd
    Foreground mode.
    2009-03-04 14:19:42: INFO: @(#)ipsec-tools 0.8-alpha20090126 (http://ipsec-tools.sourceforge.net)
    2009-03-04 14:19:42: INFO: @(#)This product linked OpenSSL 0.9.8j 07 Jan 2009 (http://www.openssl.org/)
    2009-03-04 14:19:42: INFO: Reading configuration from "/usr/local/etc/racoon.conf"
    2009-03-04 14:19:42: DEBUG: call pfkey_send_register for AH
    2009-03-04 14:19:42: DEBUG: call pfkey_send_register for ESP
    2009-03-04 14:19:42: DEBUG: call pfkey_send_register for IPCOMP
    2009-03-04 14:19:42: DEBUG: open /usr/local/var/racoon/racoon.sock as racoon management.
    2009-03-04 14:19:42: DEBUG: reading config file /usr/local/etc/racoon.conf
    2009-03-04 14:19:42: ERROR: /usr/local/etc/racoon.conf:14: "dnssec" Different peers_certfile method already defined!
    2009-03-04 14:19:42: ERROR: fatal parse failure (1 errors)
    racoon: failed to parse configuration file.

Here's the complete racoon.conf file:

    # Racoon IKE daemon configuration file.
    # See 'man racoon.conf' for a description of the format and entries.
    path pre_shared_key "/etc/racoon/psk.txt";
    path certificate "/etc/racoon/certs";

    remote anonymous {
        exchange_mode aggressive;
        lifetime time 24 hour;
        dpd_delay 2;
        dpd_retry 2;
        dpd_maxfail 2;
        rekey on;
        peers_certfile dnssec;
        certificate_type plain_rsa "/etc/racoon/certs/nhrpserver.rsa";
        script "/etc/opennhrp/racoon-ph1down.sh" phase1_down;
        proposal {
            encryption_algorithm aes;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group 2;
        }
    }

    sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm aes ;
        authentication_algorithm hmac_sha1 ;
        compression_algorithm deflate ;
    }

Why do I get this error? Another peers_certfile seems to be defined nowhere.

Thanks,
Claude