[Ipsec-tools-users] dnssec error

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,

I'm trying to set up my racoon to read certificates from dns.
Therefore I put "peers_certfile dnssec;" into my racoon.conf.

Now I get the following error :

[root@nhrpserver ~]# racoon -Fdd
Foreground mode.
2009-03-04 14:19:42: INFO: @(#)ipsec-tools 0.8-alpha20090126 
(http://ipsec-tools.sourceforge.net)
2009-03-04 14:19:42: INFO: @(#)This product linked OpenSSL 0.9.8j 07 Jan 
2009 (http://www.openssl.org/)
2009-03-04 14:19:42: INFO: Reading configuration from 
"/usr/local/etc/racoon.conf"
2009-03-04 14:19:42: DEBUG: call pfkey_send_register for AH
2009-03-04 14:19:42: DEBUG: call pfkey_send_register for ESP
2009-03-04 14:19:42: DEBUG: call pfkey_send_register for IPCOMP
2009-03-04 14:19:42: DEBUG: open /usr/local/var/racoon/racoon.sock as 
racoon management.
2009-03-04 14:19:42: DEBUG: reading config file /usr/local/etc/racoon.conf
2009-03-04 14:19:42: ERROR: /usr/local/etc/racoon.conf:14: "dnssec" 
Different peers_certfile method already defined!

2009-03-04 14:19:42: ERROR: fatal parse failure (1 errors)
racoon: failed to parse configuration file.

Here's the complete racoon.conf file :

# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.

path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

remote anonymous {
        exchange_mode aggressive;
        lifetime time 24 hour;
        dpd_delay 2;
        dpd_retry 2;
        dpd_maxfail 2;
        rekey on;
        peers_certfile dnssec;
        certificate_type plain_rsa "/etc/racoon/certs/nhrpserver.rsa";
        script "/etc/opennhrp/racoon-ph1down.sh" phase1_down;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }       
}

sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm aes ;
        authentication_algorithm hmac_sha1 ;
        compression_algorithm deflate ;
}

Why do I get this error ? Another peers_certifile seems to be defined 
nowhere.

thanks

Claude