From: Mick <mic...@gm...> - 2015-05-21 22:18:41

Hi Priyaranjan,

On Thursday 21 May 2015 14:56:04 Priyaranjan Nayak wrote:
> Hi All,
>
> I have installed racoon on 14.04 LTS OS and configured it like below, and
> I am getting an ERROR message.
> My configuration looks like below:
>
> log debug2;
> path pre_shared_key "/etc/racoon/psk.txt";
> path certificate "/etc/racoon/certs";
>
> remote anonymous
> {
> exchange_mode aggressive ;
> my_identifier user_fqdn "www.netcloudsystems.com" ;
> lifetime time 24 hour ;
> proposal {
> encryption_algorithm 3des;
> hash_algorithm sha1;
> authentication_method pre_shared_key ;
> dh_group 2 ;
> }
> }
>
> sainfo anonymous
> {
> pfs_group 2;
> lifetime time 12 hour ;
> lifetime byte 50 MB ;

Remove the above line; it is no longer used (deprecated).

> encryption_algorithm 3des, blowfish, des, rijndael ;
> authentication_algorithm sha1, hmac_md5 ;
> compression_algorithm deflate ;
> }
>
> Once I start the racoon, I am getting below output in /var/log/syslog
>
> May 21 19:13:31 priya racoon: INFO: @(#)ipsec-tools 0.8.0 (
> http://ipsec-tools.sourceforge.net)
> May 21 19:13:31 priya racoon: INFO: @(#)This product linked OpenSSL 1.0.1f
> 6 Jan 2014 (http://www.openssl.org/)
> May 21 19:13:31 priya racoon: INFO: Reading configuration from
> "/etc/racoon/racoon.conf"
> May 21 19:13:31 priya racoon: DEBUG2: lifetime = 86400
> May 21 19:13:31 priya racoon: DEBUG2: lifebyte = 0
> May 21 19:13:31 priya racoon: DEBUG2: encklen=0
> May 21 19:13:31 priya racoon: DEBUG2: p:1 t:1
> May 21 19:13:31 priya racoon: DEBUG2: 3DES-CBC(5)
> May 21 19:13:31 priya racoon: DEBUG2: SHA(2)
> May 21 19:13:31 priya racoon: DEBUG2: 1024-bit MODP group(2)
> May 21 19:13:31 priya racoon: DEBUG2: pre-shared key(1)
> May 21 19:13:31 priya racoon: DEBUG2:
> May 21 19:13:31 priya racoon: DEBUG: hmac(modp1024)
> May 21 19:13:31 priya racoon: ERROR: /etc/racoon/racoon.conf:61: "MB" byte
> lifetime support is deprecated

This log entry is telling you that line 61 of the configuration is using an
old setting, which is no longer valid. Remove it and this error should go
away.

> May 21 19:13:31 priya racoon: ERROR: fatal parse failure (1 errors)
>
>
> 1. Do we have any process to check the /etc/racoon/racoon.conf file before
> starting the racoon ?

Not as far as I know. Increase the verbosity of the log and it usually tells
you what is wrong.

> 2. If anyone is aware of this ERROR, please explain it.

The man page (man 5 racoon.conf) explains in the sainfo section that only
this directive is currently in use:

    lifetime time number timeunit;

--
Regards,
Mick
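
On question 1 in the thread above (checking racoon.conf before starting racoon): the following is an added example, not part of the original messages and not ipsec-tools code, that reports every `lifetime byte` statement with its line number and enclosing section. The tokenizer is a simplified assumption about racoon.conf syntax, and `find_byte_lifetimes`, `TOKEN` and `SAMPLE` are names made up for this example.

```python
import re
import sys

# Simplified token grammar (an assumption, not racoon's real lexer):
# '#' comments, double-quoted strings, braces, semicolons, bare words.
TOKEN = re.compile(r'#[^\n]*|"[^"\n]*"|[{};]|[^\s{};#"]+')

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE = """\
# constructed sample
remote anonymous
{
    lifetime time 24 hour ;
}
sainfo anonymous
{
    lifetime time 12 hour ;
    lifetime byte 50 MB ;   # the statement racoon rejected
}
"""

def find_byte_lifetimes(text):
    """Return (line, enclosing section, statement) per 'lifetime byte'."""
    hits, sections, stmt, stmt_line = [], [], [], 0
    for m in TOKEN.finditer(text):
        tok = m.group()
        if tok.startswith("#"):          # comment: ignore to end of line
            continue
        if not stmt:                     # first token of a new statement
            stmt_line = text.count("\n", 0, m.start()) + 1
        if tok == "{":                   # header such as 'sainfo anonymous'
            sections.append(" ".join(stmt) or "?")
            stmt = []
        elif tok == "}":
            del sections[-1:]            # safe even on an unbalanced brace
            stmt = []
        elif tok == ";":
            if stmt[:2] == ["lifetime", "byte"]:
                where = sections[-1] if sections else "global"
                hits.append((stmt_line, where, " ".join(stmt)))
            stmt = []
        else:
            stmt.append(tok)
    return hits

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = find_byte_lifetimes(text)
    for line, where, stmt in found:
        print(f"line {line}: '{stmt};' in '{where}' (byte lifetime is deprecated)")
    sys.exit(1 if found else 0)
```

Run with the configuration path as the only argument; a non-zero exit status means at least one `lifetime byte` statement was found, so the script can gate a service start.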