Topic: racoon: ERROR: couldn't find configuration  (Read 6131 times)
« on: February 24, 2010, 16:23:21 »
grospouf93 *
Posts: 7

Hello,

I'm trying to use an IPsec VPN between two boxes (connected over the Internet):

Box 1 = m0n0wall v1.3 (soekris net4501)
Box 2 = pfSense v1.2.3 (Alix 2D3)

I have some problems on the m0n0wall box (Box 1).

Here is my IPsec config:

Mode --> Tunnel
Disabled --> Not set (!^^)
Interface --> WAN    
NAT-T --> Not set
DPD interval seconds --> Not set (blank)
Local subnet --> Network (192.168.11.0/24)    
Remote subnet --> 192.168.10.0/24
Remote gateway    --> <remote_wan_ip>
--
Phase 1 proposal (Authentication)
--
Negotiation mode --> main    
My identifier --> My IP address    
Encryption algorithm --> 3DES    
Hash algorithm --> SHA1    
DH key group --> 2
Lifetime seconds --> Not set (blank)
Authentication method --> Pre-Shared Key
Pre-Shared Key --> <my_pre_shared_key>
Certificate --> Not set (Blank)
Key --> Not set (Blank)   
Peer certificate --> Not set (Blank)    
--
Phase 2 proposal (SA/Key Exchange)
--
Protocol --> ESP
*Encryption algorithms*
DES --> Not set
3DES --> Set
Blowfish --> Set
CAST128 --> Not set
Rijndael (AES) --> Not set
*Hash algorithms*
SHA1 --> Set
MD5 --> Set
PFS key group --> off    
Lifetime --> Not set (blank)

---
When I look into the logs, I get a "racoon: ERROR: couldn't find configuration":

[...]
Feb 24 16:08:33    last message repeated 17 times
Feb 24 15:58:03    last message repeated 16 times
Feb 24 15:48:14    last message repeated 3 times
Feb 24 15:46:13    racoon: ERROR: couldn't find configuration.
Feb 24 15:45:33    racoon: ERROR: couldn't find configuration.
Feb 24 15:44:55    racoon: INFO: 192.168.11.1[500] used for NAT-T
Feb 24 15:44:55    racoon: INFO: 192.168.11.1[500] used as isakmp port (fd=10)
Feb 24 15:44:55    racoon: INFO: 127.0.0.1[500] used for NAT-T
Feb 24 15:44:55    racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Feb 24 15:44:55    racoon: INFO: <my_ip>[500] used for NAT-T
Feb 24 15:44:55    racoon: INFO: <my_ip>[500] used as isakmp port (fd=8)
Feb 24 15:44:55    racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
Feb 24 15:44:55    racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
[...]

Of course, nothing in the logs on Box 2...

I think the problem comes from Box 1; I restarted it a few times, but still the same error...

Note: I recently upgraded my Box 1 from m0n0wall v1.235 to v1.3 (embedded img).

What's the problem?

Thx all
« Last Edit: February 25, 2010, 10:57:32 by grospouf93 »
« Reply #1 on: February 24, 2010, 23:16:16 »
rpsmith ***
Posts: 113

Lifetime seconds --> Not set (blank)

Why did you leave both your lifetimes blank?

Roy...
« Reply #2 on: February 25, 2010, 15:01:08 »
grospouf93 *
Posts: 7

Ok,

I tried to put

Lifetime seconds --> 3600, in both of them --> Same problem in the logs...

I also tried to reinstall the system completely (formatting my CF with /dev/zero before gunzipping the img onto it), and then... nothing happened, I still have the same problem!

I don't know what to think... or what to do.

Is my CF broken?

Any ideas?
« Reply #3 on: March 04, 2010, 12:31:37 »
grospouf93 *
Posts: 7

Up?
« Reply #4 on: March 04, 2010, 15:37:10 »
brushedmoss ****
Posts: 446

Go to /exec.php

and execute

cat /var/etc/racoon.conf

See if you have a file and if its contents look sane.
« Reply #5 on: March 04, 2010, 15:58:14 »
grospouf93 *
Posts: 7

Ok,

Here is the content of my /var/etc/racoon.conf:

And the rights are:

$ ls -al /var/etc/racoon.conf
-rw-r--r--  1 root  wheel  659 Mar  4 15:49 /var/etc/racoon.conf

$ cat /var/etc/racoon.conf
[start]
path pre_shared_key "/var/etc/psk.txt";

path certificate  "/var/etc";

remote <my_wan_box_2_IP> {
   exchange_mode main;
   my_identifier address "<my_wan_box_1_IP>";
   peers_identifier address <my_wan_box_2_IP>;
   initial_contact on;
   support_proxy on;
   proposal_check obey;
   dpd_delay 60;

   proposal {
      encryption_algorithm 3des;
      hash_algorithm sha1;
      authentication_method pre_shared_key;
      dh_group 2;
      lifetime time 3600 secs;
   }
   lifetime time 3600 secs;
}

sainfo address 192.168.1.0/24 any address 192.168.10.0/24 any {
   encryption_algorithm 3des,blowfish;
   authentication_algorithm hmac_sha1;
   compression_algorithm deflate;
   lifetime time 3600 secs;
}
[end]

Note: during my tests, I changed my LAN address to 192.168.1.0/24 (so that's normal ^^).

---

Is there anything abnormal?
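The check brushedmoss suggests (does the file exist, and do its contents look sane?) can be scripted, which is useful when comparing a conf against what the GUI was supposed to write. The script below is an added example, not m0n0wall's or racoon's own code. Two things are worth checking for this particular error: racoon's phase 1 responder logs "couldn't find configuration." when the source address of an incoming IKE packet matches no `remote` block (and there is no `remote anonymous` fallback), so the peer address seen on the wire has to be compared against the `remote` entries; and the `sainfo` line has to match the local/remote subnets configured in the GUI, or phase 2 will never select the policy. The embedded conf is a constructed sample mirroring the structure of the one posted above, with the 203.0.113.x documentation addresses standing in for the real WAN IPs; `check_conf` and the other function names are this example's own.

```python
"""Sanity-check a racoon.conf: does a given peer address match a 'remote'
block, and do the 'sainfo' subnets match the subnets set in the GUI?
Added example, not m0n0wall or racoon code."""
import ipaddress
import re
import sys

# Constructed sample mirroring the conf posted in the thread.  The
# 203.0.113.0/24 addresses are placeholders for the real WAN IPs.
SAMPLE_CONF = """
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";

remote 203.0.113.20 {
   exchange_mode main;
   my_identifier address "203.0.113.10";
   peers_identifier address 203.0.113.20;
   initial_contact on;
   proposal_check obey;
   proposal {
      encryption_algorithm 3des;
      hash_algorithm sha1;
      authentication_method pre_shared_key;
      dh_group 2;
      lifetime time 3600 secs;
   }
   lifetime time 3600 secs;
}

sainfo address 192.168.1.0/24 any address 192.168.10.0/24 any {
   encryption_algorithm 3des,blowfish;
   authentication_algorithm hmac_sha1;
   lifetime time 3600 secs;
}
"""

# A top-level block starts with 'remote ...' or 'sainfo ...' and an opening brace.
_BLOCK = re.compile(r"^\s*(remote|sainfo)\s+([^{]*)\{", re.MULTILINE)


def parse_blocks(conf):
    """Return (kind, header_tokens, body) for each top-level block.
    Braces are matched by hand because 'remote' nests a 'proposal { }' block."""
    blocks = []
    for m in _BLOCK.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            if conf[i] == "{":
                depth += 1
            elif conf[i] == "}":
                depth -= 1
            i += 1
        blocks.append((m.group(1), m.group(2).split(), conf[m.end():i - 1]))
    return blocks


def remotes(conf):
    """Peer specs of the 'remote' blocks: 'anonymous' or an IP, port suffix dropped."""
    return [hdr[0].split("[")[0] for kind, hdr, _ in parse_blocks(conf) if kind == "remote"]


def sainfos(conf):
    """(local, remote) network pairs from 'sainfo address A any address B any'."""
    pairs = []
    for kind, hdr, _ in parse_blocks(conf):
        if kind == "sainfo" and hdr[:1] == ["address"]:
            pairs.append((ipaddress.ip_network(hdr[1]), ipaddress.ip_network(hdr[4])))
    return pairs


def find_remote_for_peer(conf, peer_ip):
    """Mimic the responder-side lookup: an exact 'remote <ip>' wins, 'remote
    anonymous' is the fallback, None means racoon would log
    'couldn't find configuration' for an IKE packet from this address."""
    specs = remotes(conf)
    if peer_ip in specs:
        return peer_ip
    return "anonymous" if "anonymous" in specs else None


def sainfo_matches(conf, local, remote):
    """True if a sainfo covers exactly the GUI's local and remote subnets."""
    want = (ipaddress.ip_network(local), ipaddress.ip_network(remote))
    return want in sainfos(conf)


def check_conf(conf, peer_ip, local, remote):
    """Human-readable findings for the two checks; empty list means all good."""
    findings = []
    if find_remote_for_peer(conf, peer_ip) is None:
        findings.append(f"no 'remote' block matches peer {peer_ip}: {remotes(conf)}")
    if not sainfo_matches(conf, local, remote):
        findings.append(f"no 'sainfo' for {local} <-> {remote}: {sainfos(conf)}")
    return findings


if __name__ == "__main__":
    # Usage: python check_racoon.py [/var/etc/racoon.conf] <peer_ip> <local/24> <remote/24>
    text = open(sys.argv[1]).read() if len(sys.argv) == 5 else SAMPLE_CONF
    args = sys.argv[-3:] if len(sys.argv) >= 4 else ["203.0.113.20", "192.168.11.0/24", "192.168.10.0/24"]
    for line in check_conf(text, *args) or ["conf looks consistent"]:
        print(line)
```

Run against the sample with no arguments and it reports that no `sainfo` exists for 192.168.11.0/24, which is exactly the discrepancy between the GUI's original local subnet and the posted conf (explained by the LAN renumbering during testing); point it at the real file and the peer address shown in the racoon log lines to check the `remote` match.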
« Reply #6 on: March 11, 2010, 11:46:27 »
grospouf93 *
Posts: 7

Up?
« Reply #7 on: March 24, 2010, 18:27:01 »
grospouf93 *
Posts: 7

Nobody has an idea? Plz... help me
« Reply #8 on: March 25, 2010, 07:40:51 »
knightmb ****
Posts: 341

Hard to say, I tried to emulate the settings you had, they worked from m0n0wall -> m0n0wall, so I'm not sure if it's an issue with it being a m0n0wall -> pfsense instead?

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #9 on: March 25, 2010, 13:48:27 »
grospouf93 *
Posts: 7

Yes, it's very strange... I have the same prob. with a pfSense box...

There is something I must be missing... But what? That's the question...

By the way, thanks for your reply knightmb

I will try to investigate more... Of course I will post my solution here if I can find one!

Thx