Discussion:
[Openswan Users] cannot load config '/etc/ipsec.conf'
robert k Wild
2016-11-03 12:24:15 UTC
hi all,

i have followed this guide -

http://blog.earth-works.com/2013/02/22/how-to-set-up-openswan-l2tp-vpn-server-on-centos-6/

and i am stuck on starting the ipsec service, i get the below error -

[***@vpn ~]# service ipsec start
Starting pluto IKE daemon for IPsec: cannot load config '/etc/ipsec.conf':
/etc/ipsec.conf:12: syntax error, unexpected STRING, expecting $end
[<strong>virtual_private]
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:12: syntax error,
unexpected STRING, expecting $end [<strong>virtual_private]
unknown stack
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:12: syntax error,
unexpected STRING, expecting $end [<strong>virtual_private]
..... [FAILED]
[***@vpn ~]#

can anyone please help me

many thanks,

rob
--
Regards,

Robert K Wild.
Samir Hussain
2016-11-03 12:33:46 UTC
Hello,

There is a typo in the guide. In the /etc/ipsec.conf example, they have

<strong>virtual_private=%v4:10.0.100.0/24

</strong>conn L2TP-PSK

The <strong> tag should be removed so it would be:

virtual_private=%v4:10.0.100.0/24

conn L2TP-PSK


Samir
robert k Wild
2016-11-03 12:51:58 UTC
mmm...

i am still getting an error message, not the same but another syntax error

here's my config file -

config setup
interfaces=%defaultroute
klipsdebug=none
nat_traversal=yes
nhelpers=0
oe=off
plutodebug=none
plutostderrlog=/var/log/pluto.log
protostack=netkey
virtual_private=%v4:172.16.8.0/21

conn=L2TP-PSK
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
type=transport
forceencaps=yes
right=%any
rightsubnet=vhost:%any,%priv
rightprotoport=17/0
# Using the magic port of "0" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port, but propose "0" instead of their port.
left=%defaultroute
leftprotoport=17/1701
# Apple iOS doesn't send delete notify so we need dead peer detection
# to detect vanishing clients
dpddelay=10
dpdtimeout=90
dpdaction=clear
--
Regards,

Robert K Wild.
Samir Hussain
2016-11-03 12:54:36 UTC
Could you also provide the output when you start the ipsec service please
robert k Wild
2016-11-03 13:03:03 UTC
[***@vpn ~]# service ipsec start
Starting pluto IKE daemon for IPsec: cannot load config '/etc/ipsec.conf':
/etc/ipsec.conf:14: syntax error, unexpected CONN [conn]
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:14: syntax error,
unexpected CONN [conn]
unknown stack
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:14: syntax error,
unexpected CONN [conn]
..... [FAILED]
--
Regards,

Robert K Wild.
Samir Hussain
2016-11-03 13:16:58 UTC
Hello,

Your conn command is indented, which seems to be causing the problem.
Please remove any spacing/tab so it is at the leftmost edge.


That should hopefully fix any issues with your config.

Samir
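
Both layout mistakes found in this thread (HTML markup pasted from the guide, and an indented conn header) can be caught before the service is restarted. The following is an added example, not part of the original posts and not an Openswan tool; the function names lint_ipsec_conf and write_sample and the sample file are constructed for illustration, and the rules assume only that section headers start in column 0 and name=value parameters are indented.

```shell
#!/bin/sh
# Added example: layout lint for an ipsec.conf-style file (hypothetical helper).
# Prints "LINE: problem" for each finding and returns 1 if there is any.
lint_ipsec_conf() {
    awk '
    # Blank lines and comments carry no layout rules here.
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    # Markup such as <strong> copied from a rendered web page.
    /<\/?[A-Za-z][A-Za-z0-9]*>/ {
        printf "%d: HTML tag in config line\n", NR; bad = 1; next
    }
    # Section headers must start in column 0.
    /^[ \t]+(conn|config)[ \t]/ {
        printf "%d: section header is indented\n", NR; bad = 1; next
    }
    /^(conn|config|version|include)[ \t]+[^ \t=]+[ \t]*$/ { next }
    # Parameters are name=value lines indented under their section.
    /^[^ \t=]+[ \t]*=/ {
        printf "%d: parameter is not indented\n", NR; bad = 1; next
    }
    /^[ \t]+[^ \t=]+[ \t]*=/ { next }
    { printf "%d: unrecognised line\n", NR; bad = 1 }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample that reproduces both mistakes from the thread.
write_sample() {
    printf 'config setup\n\tprotostack=netkey\n' > "$1"
    printf '\t<strong>virtual_private=%%v4:10.0.100.0/24\n\n' >> "$1"
    printf '\tconn L2TP-PSK\n\tauthby=secret\n' >> "$1"
}

sample=$(mktemp)
write_sample "$sample"
lint_ipsec_conf "$sample" || echo "config would be rejected"
rm -f "$sample"
```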
robert k Wild
2016-11-03 14:42:27 UTC
awesome, you are amazing!

who would have thought just an indent would have stopped the config file
from running

[***@vpn ~]# ipsec verify
Verifying installed system and configuration files

Version check and ipsec on-path [OK]
Libreswan 3.15 (netkey) on 2.6.32-642.el6.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [NOT DISABLED]

Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will act on or
cause sending of bogus ICMP redirects!

ICMP default/accept_redirects [NOT DISABLED]

Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will act on
or cause sending of bogus ICMP redirects!

XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Hardware random device [N/A]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/lo/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/eth0/rp_filter [ENABLED]
rp_filter is not fully aware of IPsec and should be disabled
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPSChecking for
obsolete ipsec.conf options [OK]
Opportunistic Encryption [DISABLED]

ipsec verify: encountered 9 errors - see 'man ipsec_verify' for help
[***@vpn ~]#

i don't know what the 9 errors are but it says everything is ok
--
Regards,

Robert K Wild.
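
The [NOT DISABLED] and [ENABLED] lines in the ipsec verify output above refer to per-interface kernel settings under /proc/sys/net/ipv4/conf. The following is an added example, not part of the original post: a read-only check that lists every interface where send_redirects, accept_redirects or rp_filter is not 0. The function names and the optional directory argument (so the check can run against a constructed tree) are assumptions.

```shell
#!/bin/sh
# Added example: list the per-interface settings that "ipsec verify" flags.
# The optional argument replaces /proc/sys/net/ipv4/conf with another root
# (an assumption made here so the check can run on a constructed tree).
audit_ipsec_sysctls() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in send_redirects accept_redirects rp_filter; do
            file=$dir$key
            [ -r "$file" ] || continue
            val=$(cat "$file")
            if [ "$val" != "0" ]; then
                echo "$iface/$key=$val (expected 0)"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Constructed tree standing in for /proc/sys/net/ipv4/conf.
build_sample_tree() {
    for i in default eth0; do
        mkdir -p "$1/$i"
        echo 1 > "$1/$i/rp_filter"
    done
    echo 1 > "$1/default/send_redirects"
    echo 1 > "$1/default/accept_redirects"
    echo 0 > "$1/eth0/send_redirects"
    echo 0 > "$1/eth0/accept_redirects"
}

tree=$(mktemp -d)
build_sample_tree "$tree"
audit_ipsec_sysctls "$tree" || echo "settings listed above are not 0"
rm -rf "$tree"
```

Run without an argument, it reads the live values and changes nothing.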