From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2

Description of problem:
When setting up an ipsec interface with the following config:

TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
DST=194.73.118.113
SRCNET=172.18.100.0/24
DSTNET=145.224.7.0/24
AH_PROTO=hmac_sha1
ESP_PROTO=3des

the automatically generated 194.73.118.113.conf racoon configuration file contains errors, which manifest themselves in the log file as:

ERROR: cftoken.l:474:yyerror(): /etc/racoon/194.73.118.113.conf:7: ";" algorithm mismatched 1

This is because there are spaces put in the file between the values and the semi-colon. Amending the config file to read:

TYPE=IPSEC
ONBOOT=yes
IKE_METHOD="PSK "
DST=194.73.118.113
SRCNET=172.18.100.0/24
DSTNET=145.224.7.0/24
AH_PROTO="hmac_sha1 "
ESP_PROTO="3des "

fixes the parse errors (note the spaces added to the values for IKE_METHOD, AH_PROTO, ESP_PROTO).

My /etc/racoon/racoon.conf reads:

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

sainfo anonymous {
    pfs_group 2;
    lifetime time 1 hour ;
    encryption_algorithm 3des, blowfish 448, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5 ;
    compression_algorithm deflate ;
}
include "/etc/racoon/194.73.118.113.conf";

Version-Release number of selected component (if applicable): 0.2.3

How reproducible: Always

Steps to Reproduce:
1. Create an ipsec interface using supplied config parameters
2. Bring the interface up with /sbin/ifup ipsec0
3. Check the errors in /var/log/messages

Actual Results: Errors found in log file. Interface fails to come up.

Expected Results: Interface should come up with no errors.

Additional info:
What specific versions of initscripts and ipsec-tools do you have?
initscripts-7.31.13.EL-1 ipsec-tools-0.2.5-0.5 (ipsec itself reports version 0.2.3 in the log file)
Can you attach /etc/racoon/194.73.118.113.conf?
Created attachment 102392 [details] First requested config file
Created attachment 102393 [details] First requested config file
Two files attached: 194.73.118.113.conf.no_spaces is the result of a 'correct' ipsec0 configuration with no spaces inserted. 194.73.118.113.conf.with_spaces is the result of adding spaces into the device config. Although the file is obviously incorrect, it is the only way around the parse errors.
Please reattach the second as text/plain; it appears to have been corrupted.
Created attachment 102395 [details] Second config file Second file again
The second file you posted keeps appearing just as:
---
remote 194.73.118.113 {
    exchange_mode aggressive, main;
---
Obviously, this isn't right.
That's the complete file - that's all it generates....
Apologies for the lack of response. I believe the problem is just the encryption algorithm - for racoon, you need 'sha1', not 'hmac_sha1'. (Yes, setkey and racoon take different names for the same algorithm.)