Topic: Help with error (racoon.conf:2: "500" parse error)

artifact
« on: January 02, 2007, 09:02:19 am »
Hello,

When I set up a new pfSense installation, IPsec worked fine. One day it did not start up this service and displayed this error.

Code:
Jan 2 16:50:43 racoon: ERROR: /var/etc/racoon.conf:2: "500" parse error
Jan 2 16:50:43 racoon: ERROR: fatal parse failure (1 errors)

I opened /var/etc/racoon.conf, which I guess has not changed since it worked.

Code:
listen {
isakmp  [500];

}
path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";

remote xxx.xxx.xxx.xxx {
exchange_mode main;
my_identifier address "xxx.xxx.xxx.xxx";

peers_identifier address xxx.xxx.xxx.xxx;
initial_contact on;
support_proxy on;
proposal_check obey;

proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 3600 secs;
}
lifetime time 3600 secs;
}

sainfo address 192.168.1.0/24 any address 192.168.0.0/24 any {
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
pfs_group 2;
lifetime time 3600 secs;
}

remote xxx.xxx.xxx.xxx {
exchange_mode main;
my_identifier address "xxx.xxx.xxx.xxx";

peers_identifier address xxx.xxx.xxx.xxx;
initial_contact on;
support_proxy on;
proposal_check obey;

proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 3600 secs;
}
lifetime time 3600 secs;
}

sainfo address 192.168.1.0/24 any address 192.168.5.0/24 any {
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
pfs_group 2;
lifetime time 3600 secs;
}

remote xxx.xxx.xxx.xxx {
exchange_mode main;
my_identifier address "xxx.xxx.xxx.xxx";

peers_identifier address xxx.xxx.xxx.xxx;
initial_contact on;
support_proxy on;
proposal_check obey;

proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 3600 secs;
}
lifetime time 3600 secs;
}

sainfo address 192.168.1.0/24 any address xxx.xxx.xxx.xxx/23 any {
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
pfs_group 2;
lifetime time 3600 secs;
}

remote anonymous {
exchange_mode main;
my_identifier address "xxx.xxx.xxx.xxx";

initial_contact on;
passive on;
generate_policy on;
support_proxy on;
proposal_check obey;

proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
lifetime time 3600 secs;
}
lifetime time 3600 secs;
}

sainfo anonymous {
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
pfs_group 2;
lifetime time 3600 secs;
}

How to solve this?

I tried to comment out:

Code:
listen {
#isakmp  [500];

}

then it worked, at least phase 1.

Help! :))

Tnx!

hoba
« Reply #1 on: January 02, 2007, 09:04:17 am »
Are you already running one of the latest snapshots? Which version is this? (please include version and build date from status>system)

artifact
« Reply #2 on: January 02, 2007, 09:18:18 am »
Name     pfsense
Version    1.0.1
built on Sun Oct 29 01:07:16 UTC 2006
Platform    pfSense

P.S. I tried to back up the settings, then reset to factory defaults, then restore them. The result is the same.
« Last Edit: January 02, 2007, 09:23:44 am by artifact »

sullrich
« Reply #3 on: January 02, 2007, 11:45:10 am »
Have you set a failover ipsec option by chance?

artifact
« Reply #4 on: January 02, 2007, 12:08:46 pm »
Yes, I set it once, but then I emptied this field and saved. Is that the problem? And how to solve that? It was empty before and now, but maybe something has been left in the configuration?

:)
« Last Edit: January 02, 2007, 12:27:37 pm by artifact »

sullrich
« Reply #5 on: January 02, 2007, 12:45:48 pm »
Yes, I set it once, but then I emptied this field and saved. Is that the problem? And how to solve that? It was empty before and now, but maybe something has been left in the configuration?

:)

Double check that the field really is empty and not a space, etc.

artifact
« Reply #6 on: January 02, 2007, 01:05:54 pm »
I am sure that this field is empty. Could it be that I pressed the SAVE button with an empty Failover IP, and at that moment IPsec stopped? It seems so.

sullrich
« Reply #7 on: January 02, 2007, 02:05:04 pm »
Try setting your WANIP in this box and see if it goes away.  It may be a problem of us clearing the item.  Also, try this from a shell and let me know what it says:

cat /cf/conf/config.xml | grep failoverip

hoba
« Reply #8 on: January 02, 2007, 02:19:22 pm »
In case the IP is not cleared, download your config.xml from diagnostics>backup/restore, manually remove the item and upload it again. But first do what Scott asked for, please.
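The thread points at an isakmp statement in the listen block that has a port but no address (the emptied failover IP), which is exactly what racoon rejects at line 2. The checker below is an added example, not pfSense code or anything posted in the thread; it parses the listen block with the racoon.conf(5) grammar `isakmp address [port];`, flags such statements, and renders a listen block with a real address (192.0.2.1 is a stand-in for the WAN IP).

```python
import re

# Constructed sample: the first lines of the racoon.conf posted in this thread.
# The isakmp line has a port but no address, the token racoon rejects at line 2.
BROKEN_CONF = """listen {
isakmp  [500];

}
path pre_shared_key "/var/etc/psk.txt";
"""

# racoon.conf(5) listen grammar: isakmp address [port];  address is mandatory,
# the bracketed port optional. Lazy addr group so '' before [500] reads as empty.
ISAKMP_RE = re.compile(r"^isakmp\s+(?P<addr>\S*?)\s*(?:\[(?P<port>\d+)\])?\s*;$")

def check_listen_block(conf):
    """Return [(line_no, message)] for isakmp statements inside listen { } that racoon would reject."""
    problems = []
    in_listen = False
    for lineno, line in enumerate(conf.splitlines(), start=1):
        stripped = line.strip()
        if not in_listen:
            in_listen = re.match(r"^listen\s*\{", stripped) is not None
            continue
        if stripped == "}":
            break  # end of the listen block; other sections are ignored
        if not stripped.startswith("isakmp"):
            continue
        m = ISAKMP_RE.match(stripped)
        if m is None:
            problems.append((lineno, "unparseable isakmp statement: " + stripped))
        elif not m.group("addr"):
            port = m.group("port") or "(default)"
            problems.append((lineno, "isakmp has port %s but no listen address" % port))
    return problems

def render_listen_block(addresses, port=500):
    """Render a listen block with one 'isakmp address [port];' line per address."""
    if not addresses:
        raise ValueError("racoon needs at least one listen address")
    body = "".join("\tisakmp %s [%d];\n" % (addr, port) for addr in addresses)
    return "listen {\n" + body + "}\n"

if __name__ == "__main__":
    for lineno, msg in check_listen_block(BROKEN_CONF):
        print("racoon.conf:%d: %s" % (lineno, msg))
    print(render_listen_block(["192.0.2.1"]), end="")  # 192.0.2.1 stands in for the WAN IP
```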

artifact
« Reply #9 on: January 02, 2007, 02:48:01 pm »
Ok,

I checked the WAN IP, and there everything is OK.

Code:
Interfaces: WAN
Type: Static
Static IP configuration: Correct
Other settings - empty
FTP Helper  Disable the userland FTP-Proxy application  [CHECKED]
Block private networks [CHECKED]

Code:
Diagnostics: Ping

Host  : www.yahoo.com
Interface  WAN
Count 3
   
Ping output:

PING www.yahoo-ht2.akadns.net (209.73.186.238) from 159.148.175.210: 56 data bytes
64 bytes from 209.73.186.238: icmp_seq=0 ttl=50 time=176.817 ms
64 bytes from 209.73.186.238: icmp_seq=1 ttl=50 time=176.690 ms
64 bytes from 209.73.186.238: icmp_seq=2 ttl=50 time=176.749 ms

--- www.yahoo-ht2.akadns.net ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 176.690/176.752/176.817/0.052 ms
 

cat /cf/conf/config.xml | grep failoverip returned nothing.

/cf/conf/config.xml - only here did I find some failover string, and nowhere else in this file.
Code:
<dhcpd>
<lan>
<enable>yes</enable>
<range>
<from>192.168.1.101</from>
<to>192.168.1.199</to>
</range>
<defaultleasetime/>
<maxleasetime/>
<netmask/>
<failover_peerip/>
<gateway/>
<dnsserver>192.168.1.200</dnsserver>
</lan>
</dhcpd>


sullrich
« Reply #10 on: January 02, 2007, 02:49:59 pm »
What version is this again?  That all looks fine to me.

artifact
« Reply #11 on: January 02, 2007, 02:56:03 pm »
Version 1.0.1
built on Sun Oct 29 01:07:16 UTC 2006


Tnx ;)
« Last Edit: January 03, 2007, 02:30:26 am by artifact »

artifact
« Reply #12 on: January 02, 2007, 03:07:13 pm »
Also, if I try to launch racoon from the shell:


# racoon -f /var/etc/racoon.conf
racoon: failed to parse configuration file.

artifact
« Reply #13 on: January 03, 2007, 04:55:39 am »
I reset my two-month-old settings from a backup and now there is an error like this; what's wrong??


Code:
Jan 3 11:08:10 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Jan 3 11:08:10 racoon: INFO: 192.168.1.1[500] used as isakmp port (fd=19)
Jan 3 11:08:10 racoon: INFO: fe80::230:4fff:fe25:33b0%rl0[500] used as isakmp port (fd=18)
Jan 3 11:08:10 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Jan 3 11:08:10 racoon: INFO: xxx.xxx.xxx.xxx[500] used as isakmp port (fd=17)
Jan 3 11:08:10 racoon: INFO: fe80::201:29ff:fe93:1125%vr0[500] used as isakmp port (fd=16)
Jan 3 11:08:10 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Jan 3 11:08:10 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Jan 3 11:08:10 racoon: INFO: ::1[500] used as isakmp port (fd=14)
Jan 3 11:08:10 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
Jan 3 11:08:10 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Jan 3 11:08:10 racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
Jan 3 11:08:09 racoon: INFO: racoon shutdown
Jan 3 11:08:08 racoon: INFO: caught signal 15

jahonix
« Reply #14 on: January 04, 2007, 05:41:15 am »
Same over here. I am too dumb to get IPsec to work...  :-[

I got some Firewall block messages from TCP Port 500 in the logs.
My static site is really knocked down on ports - do I have to open up something special here?

Needless to say, the tunnel is not coming up and I cannot ping a host on the other side.
Both pfSenses are 1.0.1 Snapshot 2006-DEC-23 with PPPoE ADSL.
Office has a static IP, home a dynamic one. NO SAD or SPD entries on static side and only SPD on dynamic end where I also get this:
 
Diagnostics: System logs: IPSEC VPN
Jan 4 10:48:10    racoon: ERROR: fatal parse failure (1 errors)
Jan 4 10:48:10    racoon: ERROR: /var/etc/racoon.conf:2: "500" parse error
Jan 4 10:48:10    racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Jan 4 10:48:10    racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)

Does the "500" parse error relate to a port issue??
« Last Edit: January 04, 2007, 05:54:17 am by jahonix »
Chris