[strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]

Noel Kuntze noel at familie-kuntze.de
Fri Apr 17 12:49:04 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Stephen,

The configuration for the conns go into /etc/ipsec.conf, not /etc/strongswan.d or /etc/strongswan.conf.
Only the plugin and logger configurations go into /etc/stronswan,d/ or /etc/strongswan.conf.

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 17.04.2015 um 12:27 schrieb Stephen Feyrer:
> Hi,
>
> I am hoping someone can help me.  At first this looks like a simple error but I don't think it is.
>
>
> To put this into some context, so you can ignore this paragraph if you're not interested.
>
> A few months ago, I got my home PC - (Gentoo Linux) setup to VPN into the office which is a Windows environment.  Shortly after I moved house and my phone line.  Only at that time my ISP had a fault on the phone line at my new house so no internet connection.  Once the internet was resolved, the first thing I did was update my PC.  Next I found that my VPN was no longer working.  I was careful to look for messages that required configuration updates, I saw none for StrongSwan.
>
>
>
>
> Code:
>
> * Starting ...
> /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
> invalid config file '/etc/strongswan.conf'
> Starting strongSwan 5.2.2 IPsec [starter]...
>
>
>
> Code:
>
> # ipsec up vpn.office.com
> /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
> invalid config file '/etc/strongswan.conf'
> initiating Main Mode IKE_SA vpn.office.com[1] to 17.11.7.5
> generating ID_PROT request 0 [ SA V V V V ]
> sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
> received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
> parsed ID_PROT response 0 [ SA V V ]
> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> received FRAGMENTATION vendor ID
> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
> received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> received Cisco Unity vendor ID
> received XAuth vendor ID
> received unknown vendor ID: [Available On Request]
> received unknown vendor ID: [Available On Request]
> local host is behind NAT, sending keep alives
> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
> sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
> received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
> parsed ID_PROT response 0 [ ID HASH V ]
> received DPD vendor ID
> IKE_SA vpn.office.com[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
> generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID NAT-OA NAT-OA ]
> sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
> received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
> parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID N(([Available On Request])) NAT-OA ]
> received 28800s lifetime, configured 0s
> no acceptable traffic selectors found
> establishing connection 'vpn.office.com' failed
>
>
>
> The only other issue of note is that the behaviour of Networkmanager appears to have changed during boot. Previously, there was a 1 second wait, now that is gone. I have searched the web for similar issues and found none.
>
>  The details of how my VPN came to be setup as it is are available here:
> https://forums.gentoo.org/viewtopic-t-998042-postdays-0-postorder-asc-start-0.html
>
>
> code:
>
> # strongswan.conf - strongSwan configuration file
> #
> # Refer to the strongswan.conf(5) manpage for details
> #
> # Configuration changes should be made in the included files
>
> charon {
> load_modular = yes
> plugins {
> include strongswan.d/charon/*.conf
> }
> }
>
> include strongswan.d/*.conf
>
>
>
> code:
>
> # strongswan.d/VPN.conf
>
> conn VPN-OFFICE-COM
> keyexchange=ikev1
> type=transport
> authby=secret
> ike=3des-sha1-modp1024
> rekey=no
> left=%defaultroute
> leftprotoport=udp/l2tp
> right=vpn.office.com
> rightprotoport=udp/l2tp
> rightid=17.11.7.5
> auto=add
>
>
> At the time of writing I have just tried commenting out the whole of VPN.conf and then going line by line uncommenting but now even with all the lines uncommented, I get this message.
>
> code:
>
> # ipsec up VPN-OFFICE-COM
> /etc/strongswan.d/Xerox.conf:15: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [VPN-OFFICE-COM]
> invalid config file '/etc/strongswan.conf'
> no config named 'VPN-OFFICE-COM'
>
>
> Please help!
>
>
>
> --
> Kind regards
>
>
> Stephen Feyrer
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVMOUeAAoJEDg5KY9j7GZYlGMP/0W26Xu6U4GTg+watPHkd/LG
fQ2zuO/5VfEiSjbLWeV7RJxTALkkIJJx93H8ygblAv9cU5EmIgsP8eqNxz6cTPJ/
NW1QldDTJ/INEKVc2QI/F6gAiYrf7+gtp6kDOEXAWJKV4CY/7jjMsAygrDCMc9ca
cMtM8R18X1F7WwLsQT2tzVNBdfXmy9riJyef5L8/a+WL3AjZIQvCwhoipyrT/pB0
x91+vnhVM5vQp4AcbsB4U/mZNtfHrEr0iCU1y4RU9rY3Hxz4UTeKtrcwcMinP3RL
Vr0IKqv0ZmgJYEsrp58IgZKdYoSQQD32h8ltIrGGSSaF3y2fHU9gWAJfiUy62+Wf
0eFu0ZggedPiM3CaBW5OCRfzIQKJa5tZMgLGtCyljv7NPXHjM+0lwM50HOmgEJ9D
rGNLIcq9KRVHEK3CI7N/ju5fWf+fDD0FSUjvHPYVrwBvLntK5tmm6cDC9J2y/5WI
iMaIeuYOwGHuha15urtf5Wb39P7fneAIKryKKRHDyWFrIRwfBubojBoGX+vIj2Ex
XhSAYmXB4nzwGfR76MhypiRODOoswmzGWgmyXUoSh5vIJowBPsrFL9xqwWD06/S9
mHfHzQW2/lb9gxaOZjtzOFdCmT/HawuDGu/bkJuWRTczSTlwwXShTOUr3Lo4q3+L
SDbjhuHWukdxBT9daWXQ
=UKbk
-----END PGP SIGNATURE-----

More information about the Users mailing list