[strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]

Miroslav Svoboda goodmirek at goodmirek.cz
Sat Apr 18 14:25:20 CEST 2015


Hi Stephen,

I believe the issue might be caused by the "conn" section not being
compliant with the prescribed format. There should be at least one
whitespace at the beginning of each line within the section. Only sections
can and shall start at the first character of the line.

Supposed correction:
conn VPN-OFFICE-COM
   keyexchange=ikev1
   type=transport
   authby=secret
   ike=3des-sha1-modp1024
   rekey=no
   left=%defaultroute
   leftprotoport=udp/l2tp
   right=vpn.office.com
   rightprotoport=udp/l2tp
   rightid=17.11.7.5
   auto=add

Regards,
Miroslav

Message: 3
Date: Fri, 17 Apr 2015 14:08:57 +0100
From: "Stephen Feyrer" <stephen.feyrer at btinternet.com>
To: users at lists.strongswan.org
Subject: Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error,
        unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Message-ID: <op.xw8ms7kfx77qtv at sveta.home.org>
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes

Hi Neol,

Thank you.  I have removed the file /etc/strongswan.d/VPN.conf

In /etc/ipsec.conf I have the same configuration.  At least there is
progress, unfortunately I am still baffled.  This is the previously
working configuration.

code:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
         # strictcrlpolicy=yes
         # uniqueids = no

conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add


Having restarted ipsec, I get the following result

code:

# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed



--
Kind regards


Stephen Feyrer
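
Added example (not part of the original messages and not strongSwan code): a small check for the indentation rule described in the reply above, run over a shortened copy of the posted conn section. The function name lint_ipsec_conf and the sample strings are assumptions made for illustration; the accepted column-0 keywords (config setup, conn, ca, include) follow ipsec.conf(5).

```python
import re

# Lines allowed to start in column 0, per ipsec.conf(5).
SECTION_RE = re.compile(r"^(config\s+setup|conn\s+\S+|ca\s+\S+)\s*(#.*)?$")
INCLUDE_RE = re.compile(r"^include\s+\S+")


def lint_ipsec_conf(text):
    """Return (line_no, message) findings for lines that break the indentation rule."""
    findings = []
    section = None  # header of the section we are currently inside
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue  # blank lines and comments are not checked here
        if line[0] in " \t":
            if section is None:
                findings.append((no, "indented parameter outside any section"))
            continue
        if SECTION_RE.match(line):
            section = line.split("#")[0].strip()
        elif INCLUDE_RE.match(line):
            continue
        elif "=" in line:
            key = line.split("=")[0].strip()
            where = section or "no section"
            findings.append((no, f"parameter '{key}' in '{where}' must be indented"))
        else:
            findings.append((no, f"unrecognised section header: {line!r}"))
    return findings


# Constructed sample: shortened form of the conn section quoted in the thread.
BROKEN = """config setup
        # strictcrlpolicy=yes

conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
auto=add
"""
# Same content with each parameter indented, as the reply suggests.
FIXED = BROKEN.replace("\nkeyexchange", "\n   keyexchange") \
              .replace("\ntype", "\n   type").replace("\nauto", "\n   auto")

if __name__ == "__main__":
    for no, msg in lint_ipsec_conf(BROKEN):
        print(f"line {no}: {msg}")
    print("fixed form findings:", lint_ipsec_conf(FIXED))
```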