Ipsec reload fails to load ipsec.conf Strongswan 5.0

Posted by Quentin Swain on Server Fault See other posts from Server Fault or by Quentin Swain
Published on 2012-09-12T19:54:47Z Indexed on 2012/09/12 21:40 UTC
Read the original article Hit count: 971

Filed under:
|
|

I am having trouble configuring a connection to an Android device using a fedora 17 linux machine and strongSwanv5.0.1dr2. I have made some progress but when I try adding the configuration to support xauth authentication I receive an error when I try to reload the configuration file. I get a similar error for the value ikev1 for the keyexchange setting , and whenever i try to set a value for rightauth. Has anyone else had this problem The man page for ipsec.conf and the documentation on the strongswan wiki both indicated that these settings and values should be fine in 5.0.x.x. I could try setting authby but that is deprecated according to the documentation i read and the xauthpsk value isn't working. Any help is much appreciated thanks.

can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25: syntax error, unexpected STRING [leftauth]

# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
       # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        # Enable this if you see "failed to find any available worker"
        # nhelpers=0
        plutodebug=all
conn %default
        ikelifetime=240m
        #keylifetime=20m
        keyingtries=3
        ikev2=no


conn android
        left=10.1.12.212
        right=10.1.12.140
        leftxauthserver=yes
        leftauth=psk
        rightauth=xauth
        keyexchange=ikev1
        type=tunnel
        pfs=no
        rekey=no
        auto=start
        ike=aes256-md5;modp1024
        phase2=esp
        ikev2=no
#You may put your configuration (.conf) file in the "/etc/ipsec.d/"
#include /etc/ipsec.d/*.conf

© Server Fault or respective owner

Related posts about linux

Related posts about ipsec