Ipsec.conf syntax issue

Posted on 2012-09-05
Last Modified: 2012-09-06

I'm somewhat new to Linux and I am trying to set up a connection between a Cisco ASA at a vendor site and my Linux-based firewall that we have deployed. I read up on the documentation and Openswan seemed like it would be a good choice (feel free to correct me), so I pressed forward into making a config and testing it out.

Here is the config (identifying items replaced with x's):
# Manual: ipsec.conf.5
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
# Enable this if you see "failed to find any available worker"
conn XXXX # Here is the Name of the VPN connection.
type= tunnel
authby= secret
# Left XX
left= XX.XX.XXX.XX
leftsubnet= XX.X.XX.X/24
# Right XX
right= XXX.XXX.XXX.X
rightsubnet= XX.XXX.XX.X/24
# Type of cryptography used on the VPN Tunnel
esp= 3des-md5-96
keyexchange= ike
pfs= no
auto= start
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf


When I attempt to start here is what I get:

[root@XXXX~]# ipsec setup start
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:11: syntax error, unexpected KEYWORD, expecting $end [interfaces]
Failed to parse config setup portion of ipsec.conf

Any advice or resources I should be looking at? Thanks!

Question by: thasard

Accepted Solution

IMHO, a good choice; the alternative would have been strongswan [a similar product; they both forked from freeswan when the freeswan team declared their work was done].
Strongswan is more x509 based, openswan focuses on connectivity.
For the issue at hand:
Try to indent the items; the indentation is mandatory...
An empty line ends a section...

config setup
   interfaces ...
   klipsdebug ...

conn XXXX
   type tunnel

You can also specify an include directory where you store per-connection config files [might be easier to maintain].
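The layout rules in the answer above (section headers at column 0, parameters indented, a blank line closing the section) are easy to check mechanically. The following is an added example, not code from the poster or from Openswan, that encodes those rules in a small checker and runs it over two constructed files: one laid out like the question's config and one indented as the answer suggests. It treats comment-only lines as skipped rather than as section-ending blank lines, and treats `version` and `include` as top-level directives; both are assumptions for the illustration. The sample addresses and the connection name `vendor` are made up.

```python
"""Checker for the ipsec.conf layout rules given in the accepted answer.

Constructed illustration, not Openswan's own parser. Rules encoded:
  * 'config setup' and 'conn <name>' start a section at column 0
  * a parameter line (key=value) must be indented to belong to a section
  * a blank line ends the current section
  * '#' starts a comment; comment-only lines are skipped (assumption)
  * 'version' and 'include' are top-level directives (assumption)
"""
import re

SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)\s*$")
PARAM_RE = re.compile(r"^\s+([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$")


class IpsecConfError(ValueError):
    """Parse failure carrying the 1-based line number, like Openswan's message."""

    def __init__(self, lineno, msg):
        super().__init__(f"ipsec.conf:{lineno}: {msg}")
        self.lineno = lineno


def parse_ipsec_conf(text):
    """Return ({"conn name": {key: value}, ...}, [include patterns]) or raise."""
    sections, includes = {}, []
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue                            # comment-only line: skipped
        line = raw.split("#", 1)[0].rstrip()   # drop a trailing comment
        if not line.strip():
            current = None                      # blank line ends the section
            continue
        if line.startswith("version "):
            continue
        if line.startswith("include "):
            includes.append(line.split(None, 1)[1].strip())
            continue
        m = SECTION_RE.match(line)
        if m:
            current = f"{m.group(1)} {m.group(2)}"
            sections[current] = {}
            continue
        m = PARAM_RE.match(line)
        if m:
            if current is None:
                raise IpsecConfError(lineno, "indented parameter after a blank line: no open section")
            sections[current][m.group(1)] = m.group(2)
            continue
        if not line[0].isspace():
            # A bare key=value at column 0 is what the question's config contains
            word = line.split("=", 1)[0].strip()
            raise IpsecConfError(lineno, f"syntax error, unexpected KEYWORD {word!r} at column 0 (parameters must be indented)")
        raise IpsecConfError(lineno, f"cannot parse line {line.strip()!r}")
    return sections, includes


def check(text):
    """Return None when the file parses, otherwise the error message."""
    try:
        parse_ipsec_conf(text)
    except IpsecConfError as e:
        return str(e)
    return None


# Constructed sample laid out like the question's config: nothing is indented.
BROKEN = """\
version 2.0
config setup
# protostack=netkey
conn vendor
type= tunnel
authby= secret
"""

# Constructed sample laid out as the answer suggests (addresses are made up).
FIXED = """\
version 2.0
config setup
    protostack=netkey

conn vendor
    type= tunnel
    authby= secret
    left=192.0.2.1
    leftsubnet=10.0.1.0/24
    right=198.51.100.1
    rightsubnet=10.0.2.0/24
    esp=3des-md5-96
    auto=start

include /etc/ipsec.d/*.conf
"""

if __name__ == "__main__":
    print("broken:", check(BROKEN))
    sections, includes = parse_ipsec_conf(FIXED)
    print("fixed:", sections, includes)
```

Running the script reports the first unindented parameter line of `BROKEN` with a message in the same shape as the one in the question, while `FIXED` yields one dictionary per section plus the include pattern; the third case in the checker, an indented parameter that follows a blank line, shows why an accidental empty line in the middle of a `conn` block also breaks parsing.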

Author Closing Comment

Spacing was the issue; the service started no problem. Now to resolve some handshake issues.
