Ipsec.conf syntax issue

Posted on 2012-09-05
Medium Priority
Last Modified: 2012-09-06

I'm somewhat new to Linux and I am trying to set up a connection between a Cisco ASA at a vendor site and my Linux-based firewall that we have deployed.  I read up on the documentation and Openswan seemed like it would be a good choice (feel free to correct me), so I pressed forward into making a config and testing it out.

Here is the config (identifying items replaced with x's)
# Manual: ipsec.conf.5
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
# Enable this if you see "failed to find any available worker"
conn XXXX # Here is the Name of the VPN connection.
type= tunnel
authby= secret
# Left XX
left= XX.XX.XXX.XX
leftsubnet= XX.X.XX.X/24
# Right XX
right= XXX.XXX.XXX.X
rightsubnet= XX.XXX.XX.X/24
# Type of cryptography used on the VPN Tunnel
esp= 3des-md5-96
keyexchange= ike
pfs= no
auto= start
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf


When I attempt to start here is what I get:

[root@XXXX~]# ipsec setup start
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:11: syntax error, unexpected KEYWORD, expecting $end [interfaces]
Failed to parse config setup portion of ipsec.conf

Any advice or resources I should be looking at?  Thanks!
Question by:thasard

Accepted Solution

noci earned 2000 total points
ID: 38371495
IMHO, a good choice, the alternative would have been strongswan. [ similar product, they both forked from freeswan when freeswan team declared their work was done. ].
Strongswan is more x509 based, openswan focusses on connectivity.
For the issue at hand:
Try to indent the items, the indentation is mandatory...
An empty blank line ends a section...

config setup
   interfaces ...
   klipsdebug ...

conn XXXX
   type tunnel

You can also specify an include directory where you store per connection config files [ might be easier to maintain ]
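
The two layout rules from the answer above (parameter lines must be indented under their section header, and a blank line ends the section) can be checked before running `ipsec setup start`. The following is an added example, not part of the original thread and not Openswan code; the function name and the sample configs are constructed, and ignoring comment lines and recognising only `config`, `conn` and `ca` headers are simplifying assumptions.

```python
import re

# Column-1 section headers the checker recognises (assumption: config/conn/ca).
SECTION_RE = re.compile(r"^(config|conn|ca)\s+\S+")
# Column-1 lines that are legal outside a section.
TOPLEVEL_RE = re.compile(r"^(version|include)\s+\S+")


def lint_ipsec_conf(text):
    """Return [(line_no, message)] for violations of the two layout rules."""
    findings = []
    in_section = False
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body:
            in_section = False  # rule 2: a blank line ends the section
            continue
        if body.startswith("#"):
            continue  # simplification: comments are ignored wherever they sit
        indented = raw[0] in " \t"
        if indented and not in_section:
            findings.append((no, "indented line is outside any section"))
        elif not indented and SECTION_RE.match(body):
            in_section = True
        elif not indented and TOPLEVEL_RE.match(body):
            in_section = False
        elif not indented:
            # rule 1: parameters must start with whitespace
            findings.append((no, f"'{body}' starts in column 1; indent it"))
    return findings


# Constructed samples: the flat layout from the question, the indented fix,
# and a section accidentally split by a blank line.
FLAT = "version 2.0\nconfig setup\nprotostack=netkey\nconn vendor\ntype=tunnel\nauthby=secret\n"
FIXED = ("version 2.0\n\nconfig setup\n    protostack=netkey\n\n"
         "conn vendor\n    type=tunnel\n    authby=secret\n")
SPLIT = "conn vendor\n    type=tunnel\n\n    authby=secret\n"

if __name__ == "__main__":
    for name, sample in (("FLAT", FLAT), ("FIXED", FIXED), ("SPLIT", SPLIT)):
        print(name, lint_ipsec_conf(sample))
```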

Author Closing Comment

ID: 38374097
Spacing was the issue, the service started no problem, now to resolve some handshake issues.
