Cisco VPN connection fails with "A configuration error occurred"

I am trying to set up a VPN connection using Snow Leopard's Cisco IPsec VPN type.

I have successfully entered my VPN server address, account name, password, group name, and imported a machine certificate.

When I attempt to connect, I get an error, "A configuration error occurred. Verify your settings and try reconnecting."

system.log shows a message, "racoon: failed to parse configuration file." which makes me think maybe there is a bug here.

Has anyone seen this and fixed it?

Has anyone got the Oracle IPSec VPN client working at all?

Mac OS X (10.6.2)

Posted on Jan 8, 2010 9:49 PM

3 replies

Apr 2, 2010 2:02 PM in response to Adam Aulick

I get the same thing, but only if I enter a "Group Name". Without a group name, I get timeouts during Phase 1 that I'm still trying to diagnose, but with a group name I get the same generic error message you do.

If I capture the generated config file and try and manually invoke racoon with it, I get the further information from racoon as such:

2010-04-02 15:39:29: [5778] INFO: *** racoon started: pid=5778 started by: 627
2010-04-02 15:39:29: [5778] INFO: @(#) racoon / IPsec-tools
2010-04-02 15:39:29: [5778] INFO: @(#)This product linked OpenSSL 0.9.8l 5 Nov 2009 ( http://www.openssl.org/)
2010-04-02 15:39:29: [5778] INFO: Reading configuration from "/etc/racoon/racoon.conf"
2010-04-02 15:39:29: [5778] WARNING: /var/run/racoon/{VPN-IP-hidden}.conf:17: "support_mip6" it is obsoleted. use "support_proxy".
2010-04-02 15:39:29: [5778] ERROR: /var/run/racoon/{VPN-IP-hidden}.conf:101: "}" DH group must be equal in all proposals when aggressive mode is used.
2010-04-02 15:39:29: [5778] ERROR: fatal parse failure (1 errors)
racoon: failed to parse configuration file.
Apr 2 15:39:29 Thoth racoon[5778]: Configuration Parse Error. (cfparse: yyparse erred, filename /etc/racoon/racoon.conf). (failure: fatal parse failure)

Looks like it's time to open a bug report with Apple directly. (Which I'm about to do.)
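The racoon error in the reply above says every proposal of an aggressive-mode remote must use the same DH group. The following pre-flight check for a captured config is an added example, not code from the thread or from ipsec-tools. It assumes a remote counts as aggressive when its exchange_mode list includes "aggressive"; the sample config and its address are constructed.

```python
import re

# Constructed sample; 192.0.2.10 is a documentation address, not from the thread.
SAMPLE_CONF = """
remote 192.0.2.10 {
    exchange_mode aggressive;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method hybrid_rsa_client;
        dh_group 2;
    }
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method hybrid_rsa_client;
        dh_group modp1536;
    }
}
"""

# racoon.conf accepts group numbers or modp names; normalise to numbers.
DH_ALIASES = {"modp768": "1", "modp1024": "2", "modp1536": "5", "modp2048": "14"}

def remote_blocks(text):
    """Yield (peer, body) for each 'remote' block, matching braces by depth."""
    for m in re.finditer(r"^\s*remote\s+([^{]+?)\s*\{", text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def dh_group_conflicts(text):
    """Return {peer: [groups]} for aggressive-mode remotes whose proposals disagree."""
    findings = {}
    for peer, body in remote_blocks(re.sub(r"#.*", "", text)):  # drop comments
        modes = re.search(r"exchange_mode\s+([^;]+);", body)
        if not modes or "aggressive" not in re.split(r"[\s,]+", modes.group(1)):
            continue
        groups = [DH_ALIASES.get(g, g) for g in
                  re.findall(r"proposal\s*\{[^}]*?dh_group\s+(\w+)\s*;", body)]
        if len(set(groups)) > 1:
            findings[peer] = groups
    return findings

if __name__ == "__main__":
    for peer, groups in dh_group_conflicts(SAMPLE_CONF).items():
        print(f"remote {peer}: aggressive mode with mixed dh_group values {groups}")
```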

Apr 17, 2010 3:12 PM in response to Adam Aulick

Hi Adam

I'm facing the same issue. I can use the Sun VPN (IPsec) fine but can't connect using the Oracle VPN (IPsec hybrid). iMac uses racoon (open source IPsec tools), googled it and racoon does seem to support IPsec hybrid mode.

For the Oracle VPN I added [hybrid] after the group name (long path of discovery). So I changed the group name to

<beeep>en[hybrid]

This does not make it work 😟 but it makes the error change to "could not validate the server certificate. Verify ..." Wow! Does that mean I'm on the right path?

Where is the racoon conf file?

Where do I drop the certificate (the certificate you can get from the Linux VPN client on mydesktop)?
I tried dropping it in my keychain but had no success. I think I need to drop it in /etc/cert (see /etc/racoon/racoon.conf) but I haven't got the foggiest idea what to name the file.

Apr 17, 2010 6:46 PM in response to Hendricius

Hi

I think it will never work unless Apple updates the racoon software?

I started crafting an oracle.conf to get past the System Preference tool and dropped an oracle.vpn in /var/run/racoon.

racoonctl rc
racoonctl vc <fqdn of vpn server>

I don't get past phase 1 because there is a known bug in the NAT-T process.
The part of the log file that gave me a clue:

2010-04-17 14:52:31: [11632] DEBUG: agreed on Hybrid RSA client auth.

Sweet that means we're in ... but hold on

2010-04-17 14:52:31: [11632] INFO: Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02
2010-04-17 14:52:31: [11632] INFO: NAT-D payload #-1 doesn't match
2010-04-17 14:52:31: [11632] INFO: NAT-D payload #0 doesn't match
2010-04-17 14:52:31: [11632] INFO: NAT detected: ME PEER

Wow - bing that - it is a bug that has been known since 2005!!!!!!!

I did

strings /usr/sbin/racoon | grep ipsec

and it will show that ipsec tools is version 93.6, which seems ancient.
I can't say how disappointed I am.

Hendrik
