racoon-tool doesn't generate full racoon.conf file in /var/lib/racoon/racoon.conf

Question

I am using ipsec-tools/racoon to create my VPN. I am using racoon-tool to configure racoon.conf but when I run racoon-tool reload it only generates the first section - Global items.

When I run racoon-tool I get:
# racoon-tool reload
Loading SAD and SPD...
SAD and SPD loaded.
Configuring racoon...done.

This is the entire file /var/lib/racoon/racoon.conf
#
# Racoon configuration for Samuel

# Generated on Wed Jan 5 21:31:49 2011 by racoon-tool
#

#
# Global items
#
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
log debug;

I cannot find anywhere a solution as to why this is happening. Please help

Answer 1

racoon-tool is not for creating the configuration, it's for controlling the racoon server/IPSEC from an existing configuration file. When the manpage says racoon-tool reload will "Regenerate configuration from /etc/racoon/racoon.conf, HUP racoon(8) and reinitialise the SPD and SAD." it means that it's loading the changes you've made to the configuration file, not that it's creating a new configuration file for you.

As for a utility to help you create a racoon.conf file... I've got nothing. KVpnc might help but it works as more of a client than a server and may just control racoon directly.

Answer 2

Racoon is probably regenerating your conf every time it is restarted and eventually reads it from /var/lib/racoon/racoon.fr

To change this behaviour, on Ubuntu, modify your /etc/default/racoon to

CONFIG_MODE="direct"

(rather than CONFIG_MODE="racoon-tool" ).

Then, restart racoon.