 From:  Bjoern Euler <lists at edain dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  bug report: ipsec with empty fqdn
 Date:  Thu, 24 Aug 2006 21:12:14 +0200
Hi,

a small bug report, found with 1.23b1 on WRAP platform.

I've added an IPSec tunnel, set the identifier field to Domain Name but 
left the field empty. It will save and apply the changes but racoon will 
complain about the missing parameter in the log:

Error Log:
Aug 24 20:43:09 	racoon: ERROR: fatal parse failure (1 errors)
Aug 24 20:43:09 	racoon: ERROR: /var/etc/racoon.conf:61: """ failed to set identifer.
Aug 24 20:43:09 	racoon: ERROR: Empty fqdn

When changing to IP address or User FQDN and leaving the field empty 
m0n0wall will not take the settings and complain.

I had a quick look at \usr\local\www\vpn_ipsec_edit.php, line 195, where 
the checks are done but couldn't find any obvious problem (but since I'm 
not a dev this doesn't mean anything).

Below is the config.xml part for that tunnel.

Can someone confirm this issue?




Configuration (VPN part):
         <tunnel>
             <interface>wan</interface>
             <local-subnet>
                 <network>lan</network>
             </local-subnet>
             <remote-subnet>192.168.98.0/24</remote-subnet>
             <remote-gateway>217.7.95.3</remote-gateway>
             <p1>
                 <mode>main</mode>
                 <myident>
                     <fqdn/>
                 </myident>
                 <encryption-algorithm>3des</encryption-algorithm>
                 <hash-algorithm>sha1</hash-algorithm>
                 <dhgroup>2</dhgroup>
                 <lifetime>84600</lifetime>
                 <pre-shared-key>xxxxx</pre-shared-key>
                 <private-key/>
                 <cert/>
                 <peercert/>
                 <authentication_method>pre_shared_key</authentication_method>
             </p1>
             <p2>
                 <protocol>esp</protocol>
                 <encryption-algorithm-option>3des</encryption-algorithm-option>
                 <encryption-algorithm-option>blowfish</encryption-algorithm-option>
                 <encryption-algorithm-option>cast128</encryption-algorithm-option>
                 <encryption-algorithm-option>rijndael</encryption-algorithm-option>
                 <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
                 <hash-algorithm-option>hmac_md5</hash-algorithm-option>
                 <pfsgroup>5</pfsgroup>
                 <lifetime>3200</lifetime>
             </p2>
             <descr>tunneltest</descr>
         </tunnel>
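
Added example (not part of the original message and not m0n0wall code): a pre-flight check over the IPsec part of config.xml that flags tunnels whose phase 1 identifier element is present but has no value, the state the report shows as `<fqdn/>`. The `ufqdn` and `address` element names, the `<ipsec>` wrapper and every sample tunnel except the first are assumptions.

```python
import xml.etree.ElementTree as ET

# Identifier elements that need a value. "fqdn" comes from the config in the
# report; "ufqdn" and "address" are assumed names for the other two types.
VALUE_REQUIRED = ("fqdn", "ufqdn", "address")

# Constructed sample: the first tunnel mirrors the reported one (trimmed).
SAMPLE_CONFIG = """\
<ipsec>
  <tunnel>
    <remote-gateway>217.7.95.3</remote-gateway>
    <p1><myident><fqdn/></myident></p1>
    <descr>tunneltest</descr>
  </tunnel>
  <tunnel>
    <remote-gateway>192.0.2.10</remote-gateway>
    <p1><myident><fqdn>gw.example.org</fqdn></myident></p1>
    <descr>ok-tunnel</descr>
  </tunnel>
  <tunnel>
    <remote-gateway>192.0.2.11</remote-gateway>
    <p1><myident><fqdn>   </fqdn></myident></p1>
    <descr>whitespace-only</descr>
  </tunnel>
</ipsec>
"""

def find_empty_identifiers(xml_text):
    """Return (descr, problem) pairs for tunnels whose identifier has no value."""
    findings = []
    root = ET.fromstring(xml_text)
    for tunnel in root.iter("tunnel"):
        descr = (tunnel.findtext("descr") or "").strip() or "(no description)"
        ident = tunnel.find("p1/myident")
        if ident is None:  # nothing to check; "is None" because empty elements are falsy
            continue
        for child in ident:
            # <fqdn/> parses with text None; whitespace-only counts as empty too
            if child.tag in VALUE_REQUIRED and not (child.text or "").strip():
                findings.append((descr, "empty " + child.tag))
    return findings

if __name__ == "__main__":
    for descr, problem in find_empty_identifiers(SAMPLE_CONFIG):
        print(f"tunnel {descr!r}: {problem}")
```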