[strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]

Stephen Feyrer stephen.feyrer at btinternet.com
Fri Apr 17 15:08:57 CEST 2015 

Hi Neol,

Thank you.  I have removed the file /etc/strongswan.d/VPN.conf

In /etc/ipsec.conf I have the same configuration.  At least there is  
progress, unfortunately I am still baffled.  This is the previously  
working configuration.

code:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
         # strictcrlpolicy=yes
         # uniqueids = no

conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add


Having restarted ipsec, I get the following result

code:

# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between  
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID  
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID  
N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed



-- 
Kind regards


Stephen Feyrer




On Fri, 17 Apr 2015 11:49:04 +0100, Noel Kuntze <noel at familie-kuntze.de>  
wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Stephen,
>
> The configuration for the conns go into /etc/ipsec.conf, not  
> /etc/strongswan.d or /etc/strongswan.conf.
> Only the plugin and logger configurations go into /etc/stronswan,d/ or  
> /etc/strongswan.conf.
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 17.04.2015 um 12:27 schrieb Stephen Feyrer:
>> Hi,
>>
>> I am hoping someone can help me.  At first this looks like a simple  
>> error but I don't think it is.
>>
>>
>> To put this into some context, so you can ignore this paragraph if  
>> you're not interested.
>>
>> A few months ago, I got my home PC - (Gentoo Linux) setup to VPN into  
>> the office which is a Windows environment.  Shortly after I moved house  
>> and my phone line.  Only at that time my ISP had a fault on the phone  
>> line at my new house so no internet connection.  Once the internet was  
>> resolved, the first thing I did was update my PC.  Next I found that my  
>> VPN was no longer working.  I was careful to look for messages that  
>> required configuration updates, I saw none for StrongSwan.
>>
>>
>>
>>
>> Code:
>>
>> * Starting ...
>> /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting  
>> NEWLINE or '{' or '=' [vpn]
>> invalid config file '/etc/strongswan.conf'
>> Starting strongSwan 5.2.2 IPsec [starter]...
>>
>>
>>
>> Code:
>>
>> # ipsec up vpn.office.com
>> /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting  
>> NEWLINE or '{' or '=' [vpn]
>> invalid config file '/etc/strongswan.conf'
>> initiating Main Mode IKE_SA vpn.office.com[1] to 17.11.7.5
>> generating ID_PROT request 0 [ SA V V V V ]
>> sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
>> received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
>> parsed ID_PROT response 0 [ SA V V ]
>> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
>> received FRAGMENTATION vendor ID
>> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
>> sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
>> received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
>> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
>> received Cisco Unity vendor ID
>> received XAuth vendor ID
>> received unknown vendor ID: [Available On Request]
>> received unknown vendor ID: [Available On Request]
>> local host is behind NAT, sending keep alives
>> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
>> sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
>> received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
>> parsed ID_PROT response 0 [ ID HASH V ]
>> received DPD vendor ID
>> IKE_SA vpn.office.com[1] established between  
>> 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
>> generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID  
>> NAT-OA NAT-OA ]
>> sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
>> received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
>> parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID  
>> N(([Available On Request])) NAT-OA ]
>> received 28800s lifetime, configured 0s
>> no acceptable traffic selectors found
>> establishing connection 'vpn.office.com' failed
>>
>>
>>
>> The only other issue of note is that the behaviour of Networkmanager  
>> appears to have changed during boot. Previously, there was a 1 second  
>> wait, now that is gone. I have searched the web for similar issues and  
>> found none.
>>
>>  The details of how my VPN came to be setup as it is are available here:
>> https://forums.gentoo.org/viewtopic-t-998042-postdays-0-postorder-asc-start-0.html
>>
>>
>> code:
>>
>> # strongswan.conf - strongSwan configuration file
>> #
>> # Refer to the strongswan.conf(5) manpage for details
>> #
>> # Configuration changes should be made in the included files
>>
>> charon {
>> load_modular = yes
>> plugins {
>> include strongswan.d/charon/*.conf
>> }
>> }
>>
>> include strongswan.d/*.conf
>>
>>
>>
>> code:
>>
>> # strongswan.d/VPN.conf
>>
>> conn VPN-OFFICE-COM
>> keyexchange=ikev1
>> type=transport
>> authby=secret
>> ike=3des-sha1-modp1024
>> rekey=no
>> left=%defaultroute
>> leftprotoport=udp/l2tp
>> right=vpn.office.com
>> rightprotoport=udp/l2tp
>> rightid=17.11.7.5
>> auto=add
>>
>>
>> At the time of writing I have just tried commenting out the whole of  
>> VPN.conf and then going line by line uncommenting but now even with all  
>> the lines uncommented, I get this message.
>>
>> code:
>>
>> # ipsec up VPN-OFFICE-COM
>> /etc/strongswan.d/Xerox.conf:15: syntax error, unexpected NAME,  
>> expecting NEWLINE or '{' or '=' [VPN-OFFICE-COM]
>> invalid config file '/etc/strongswan.conf'
>> no config named 'VPN-OFFICE-COM'
>>
>>
>> Please help!
>>
>>
>>
>> --
>> Kind regards
>>
>>
>> Stephen Feyrer
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJVMOUeAAoJEDg5KY9j7GZYlGMP/0W26Xu6U4GTg+watPHkd/LG
> fQ2zuO/5VfEiSjbLWeV7RJxTALkkIJJx93H8ygblAv9cU5EmIgsP8eqNxz6cTPJ/
> NW1QldDTJ/INEKVc2QI/F6gAiYrf7+gtp6kDOEXAWJKV4CY/7jjMsAygrDCMc9ca
> cMtM8R18X1F7WwLsQT2tzVNBdfXmy9riJyef5L8/a+WL3AjZIQvCwhoipyrT/pB0
> x91+vnhVM5vQp4AcbsB4U/mZNtfHrEr0iCU1y4RU9rY3Hxz4UTeKtrcwcMinP3RL
> Vr0IKqv0ZmgJYEsrp58IgZKdYoSQQD32h8ltIrGGSSaF3y2fHU9gWAJfiUy62+Wf
> 0eFu0ZggedPiM3CaBW5OCRfzIQKJa5tZMgLGtCyljv7NPXHjM+0lwM50HOmgEJ9D
> rGNLIcq9KRVHEK3CI7N/ju5fWf+fDD0FSUjvHPYVrwBvLntK5tmm6cDC9J2y/5WI
> iMaIeuYOwGHuha15urtf5Wb39P7fneAIKryKKRHDyWFrIRwfBubojBoGX+vIj2Ex
> XhSAYmXB4nzwGfR76MhypiRODOoswmzGWgmyXUoSh5vIJowBPsrFL9xqwWD06/S9
> mHfHzQW2/lb9gxaOZjtzOFdCmT/HawuDGu/bkJuWRTczSTlwwXShTOUr3Lo4q3+L
> SDbjhuHWukdxBT9daWXQ
> =UKbk
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list