Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
*
* **type=transport*
* **authby=secret*
* **ike=3des-sha1-modp1024*
* **rekey=no*
* **left=%defaultroute*
* **leftprotoport=udp/l2tp*
* **right=vpn.office.com http://vpn.office.com*
* **rightprotoport=udp/l2tp*
* **rightid=17.11.7.5*
* **auto=add*
Regards,
Miroslav
Message: 3
Date: Fri, 17 Apr 2015 14:08:57 +0100
From: Stephen Feyrer stephen...@btinternet.com
To: us...@lists.strongswan.org
Subject: Re: [strongSwan]
/etc/strongswan.d/VPN.conf:1: syntax error,
unexpected NAME, expecting NEWLINE or '{'
or '=' [vpn]
Message-ID: op.xw8ms...@sveta.home.org
Content-Type: text/plain; charset=utf-8;
format=flowed; delsp=yes
Hi Neol,
Thank you. I have removed the file
/etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration.
At least there is
progress, unfortunately I am still baffled. This
is the previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com http://vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to
17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500]
(212 bytes)
received packet: from 17.11.7.5[500] to
1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500]
(244 bytes)
received packet: from 17.11.7.5[500] to
1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D
NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH
N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to
17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to
1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On
Request] [ HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to
17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to
1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [
HASH SA No ID ID
N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed
--
Kind regards
Stephen Feyrer
--
Kind regards
Stephen Feyrer
--
Kind regards
Stephen Feyrer
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJVNNzJAAoJEDg5KY9j7GZY8z0QAJ7703tO6Unb5O/6wc8ImHck
hDLKZj0wrlMDD/uDCWVA7bbi
Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
*
* **leftprotoport=udp/l2tp*
* **right=vpn.office.com http://vpn.office.com*
* **rightprotoport=udp/l2tp*
* **rightid=17.11.7.5*
* **auto=add*
Regards,
Miroslav
Message: 3
Date: Fri, 17 Apr 2015 14:08:57 +0100
From: Stephen Feyrer stephen...@btinternet.com
To: us...@lists.strongswan.org
Subject: Re: [strongSwan] /etc/strongswan.d/VPN.conf:1:
syntax error,
unexpected NAME, expecting NEWLINE or '{' or '='
[vpn]
Message-ID: op.xw8ms...@sveta.home.org
Content-Type: text/plain; charset=utf-8; format=flowed;
delsp=yes
Hi Neol,
Thank you. I have removed the file
/etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration. At
least there is
progress, unfortunately I am still baffled. This is the
previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com http://vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212
bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116
bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244
bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304
bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT)
]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84
bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500]
(84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [
HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500]
(220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500]
(180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH
SA No ID ID
N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed
--
Kind regards
Stephen Feyrer
--
Kind regards
Stephen Feyrer
--
Kind regards
Stephen Feyrer
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJVNNzJAAoJEDg5KY9j7GZY8z0QAJ7703tO6Unb5O/6wc8ImHck
hDLKZj0wrlMDD/uDCWVA7bbi//HmIeFqnf032GzeTQLTUAeEwUyght8ocoBImmr2
yiT3D9KkXlRzixKs8Ci
Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
VPN-OFFICE-COM[14]: IKE proposal:
3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Thank you for your help. I hope this tells you more than it does me.
--
Kind regards
Stephen Feyrer.
On Sun, 19 Apr 2015 09:11:04 +0100, Miroslav Svoboda
good...@goodmirek.cz wrote:
Hi Stephen,
So I assume there is no longer any syntax error reported.
From logfile I see there is no acceptable traffic selector. I assume
that you have a home PC (Ubuntu) with Strongswan which you want to
connect to the office VPN concentrator with IP 17.11.7.5 running
Windows. I suppose VPN concentrator in the office is not configured
to route any traffic towards you home PC's IP address, thus you
will need a virtual IP address assigned to your home PC by the VPN
concentrator. Also I suppose you want to route all traffic via that
VPN once connected.
Then, please try to modify left=%defaultroute to left=%any and add
rightsubnet=0.0.0.0/0 and leftsourceip=%config. You should not
specify leftsubnet, it has same effect as leftsubnet=%dynamic.
According to documentation at wiki configuration directive
left=defaultroute% was used prior to version 5.0.0, superseded by
left=%any.
leftsubnet=%dynamic (or omitting leftsubnet at all) and
rightsubnet=0.0.0.0/0 will create your traffic selector. It says
that anything (0.0.0.0/0) from your side will be routed to remote host
and that the remote host will route towards your PC (left==local) a
traffic which would fit your dynamically assigned IP. Should you want
to route towards office network only office-related traffic then
change rightsubnet=subnet_used_in_Stephen's_office.
If that didn't help please can you provide output of 'ipsec statusall'
and also more details about network topology?
Regards,
Miroslav
On Saturday, April 18, 2015 at 5:28:12 PM UTC+2, Stephen Feyrer wrote:
Hi Miroslav,
Thank you. The conn section as presented below was copied and pasted
from web page for convenience (this stripped the leading white
spaced from the conn section). For the moment the white spaces are
in form of TAB characters. I will test with space characters and
complete this email.
I Apologise for the lack of white spaces in the conn section of below
email. I have now tested with both spaces and tabs, each
producing the same error as below.
--
Kind regards
Stephen Feyrer.
On Sat, 18 Apr 2015 13:25:20 +0100, Miroslav Svoboda
good...@goodmirek.cz wrote:
Hi Stephen,
I believe the issue might be caused as the conn section is not
compliant with prescribed format. There should be at least one
whitespace at the beginning of each line within the section. Only
sections can and shall start at the first character of the line.
Supposed correction:
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Regards,
Miroslav
Message: 3
Date: Fri, 17 Apr 2015 14:08:57 +0100
From: Stephen Feyrer stephen...@btinternet.com
To: us...@lists.strongswan.org
Subject: Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error,
unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Message-ID: op.xw8ms...@sveta.home.org
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Hi Neol,
Thank you. I have removed the file /etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration. At least there is
progress, unfortunately I am still baffled. This is the previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received
Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Hi Stephen,
So I assume there is no longer any syntax error reported.
From logfile I see there is no acceptable traffic selector. I assume that
you have a home PC (Ubuntu) with Strongswan which you want to connect to
the office VPN concentrator with IP 17.11.7.5 running Windows. I suppose
VPN concentrator in the office is not configured to route any traffic
towards you home PC's IP address, thus you will need a virtual IP address
assigned to your home PC by the VPN concentrator. Also I suppose you want
to route all traffic via that VPN once connected.
Then, please try to modify left=%defaultroute to left=%any and add
rightsubnet=0.0.0.0/0 and leftsourceip=%config. You should not specify
leftsubnet, it has same effect as leftsubnet=%dynamic.
According to documentation at wiki
https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
configuration
directive left=defaultroute% was used prior to version 5.0.0, superseded
by left=%any.
leftsubnet=%dynamic (or omitting leftsubnet at all) and
rightsubnet=0.0.0.0/0 will create your traffic selector. It says that
anything (0.0.0.0/0) from your side will be routed to remote host and that
the remote host will route towards your PC (left==local) a traffic which
would fit your dynamically assigned IP. Should you want to route towards
office network only office-related traffic then change
rightsubnet=subnet_used_in_Stephen's_office.
If that didn't help please can you provide output of 'ipsec statusall' and
also more details about network topology?
Regards,
Miroslav
On Saturday, April 18, 2015 at 5:28:12 PM UTC+2, Stephen Feyrer wrote:
Hi Miroslav,
Thank you. The conn section as presented below was copied and pasted from
web page for convenience (this stripped the leading white spaced from the
conn section). For the moment the white spaces are in form of TAB
characters. I will test with space characters and complete this email.
I Apologise for the lack of white spaces in the conn section of below
email. I have now tested with both spaces and tabs, each producing the
same error as below.
--
Kind regards
Stephen Feyrer.
On Sat, 18 Apr 2015 13:25:20 +0100, Miroslav Svoboda good...@goodmirek.cz
javascript: wrote:
Hi Stephen,
I believe the issue might be caused as the conn section is not compliant
with prescribed format. There should be at least one whitespace at the
beginning of each line within the section. Only sections can and shall
start at the first character of the line.
Supposed correction:
*conn VPN-OFFICE-COM*
* keyexchange=ikev1*
*type=transport*
*authby=secret*
*ike=3des-sha1-modp1024*
*rekey=no*
*left=%defaultroute*
*leftprotoport=udp/l2tp*
*right=vpn.office.com http://vpn.office.com*
*rightprotoport=udp/l2tp*
*rightid=17.11.7.5*
*auto=add*
Regards,
Miroslav
Message: 3
Date: Fri, 17 Apr 2015 14:08:57 +0100
From: Stephen Feyrer stephen...@btinternet.com javascript:
To: us...@lists.strongswan.org javascript:
Subject: Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error,
unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Message-ID: op.xw8ms...@sveta.home.org javascript:
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Hi Neol,
Thank you. I have removed the file /etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration. At least there is
progress, unfortunately I am still baffled. This is the previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes
Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
to left=%any and add
rightsubnet=0.0.0.0/0 and leftsourceip=%config. You should not
specify leftsubnet, it has same effect as leftsubnet=%dynamic.
According to documentation at wiki
https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
configuration
directive left=defaultroute% was used prior to version 5.0.0, superseded
by left=%any.
leftsubnet=%dynamic (or omitting leftsubnet at all) and rightsubnet=
0.0.0.0/0 will create your traffic selector. It says that anything (
0.0.0.0/0) from your side will be routed to remote host and that the
remote host will route towards your PC (left==local) a traffic which would
fit your dynamically assigned IP. Should you want to route towards office
network only office-related traffic then change
rightsubnet=subnet_used_in_Stephen's_office.
If that didn't help please can you provide output of 'ipsec statusall' and
also more details about network topology?
Regards,
Miroslav
On Saturday, April 18, 2015 at 5:28:12 PM UTC+2, Stephen Feyrer wrote:
Hi Miroslav,
Thank you. The conn section as presented below was copied and pasted
from web page for convenience (this stripped the leading white spaced from
the conn section). For the moment the white spaces are in form of TAB
characters. I will test with space characters and complete this email.
I Apologise for the lack of white spaces in the conn section of below
email. I have now tested with both spaces and tabs, each producing the
same error as below.
--
Kind regards
Stephen Feyrer.
On Sat, 18 Apr 2015 13:25:20 +0100, Miroslav Svoboda
good...@goodmirek.cz wrote:
Hi Stephen,
I believe the issue might be caused as the conn section is not
compliant with prescribed format. There should be at least one whitespace
at the beginning of each line within the section. Only sections can and
shall start at the first character of the line.
Supposed correction:
*conn VPN-OFFICE-COM*
* keyexchange=ikev1*
*type=transport*
*authby=secret*
*ike=3des-sha1-modp1024*
*rekey=no*
*left=%defaultroute*
*leftprotoport=udp/l2tp*
*right=vpn.office.com http://vpn.office.com*
*rightprotoport=udp/l2tp*
*rightid=17.11.7.5*
*auto=add*
Regards,
Miroslav
Message: 3
Date: Fri, 17 Apr 2015 14:08:57 +0100
From: Stephen Feyrer stephen...@btinternet.com
To: us...@lists.strongswan.org
Subject: Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error,
unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Message-ID: op.xw8ms...@sveta.home.org
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Hi Neol,
Thank you. I have removed the file /etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration. At least there is
progress, unfortunately I am still baffled. This is the previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID
N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed
--
Kind regards
Stephen Feyrer
Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Hi Stephen,
I believe the issue might be caused as the conn section is not compliant
with prescribed format. There should be at least one whitespace at the
beginning of each line within the section. Only sections can and shall
start at the first character of the line.
Supposed correction:
*conn VPN-OFFICE-COM*
* keyexchange=ikev1*
*type=transport*
*authby=secret*
*ike=3des-sha1-modp1024*
*rekey=no*
*left=%defaultroute*
*leftprotoport=udp/l2tp*
*right=vpn.office.com http://vpn.office.com*
*rightprotoport=udp/l2tp*
*rightid=17.11.7.5*
*auto=add*
Regards,
Miroslav
Message: 3
Date: Fri, 17 Apr 2015 14:08:57 +0100
From: Stephen Feyrer stephen.fey...@btinternet.com
To: users@lists.strongswan.org
Subject: Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error,
unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Message-ID: op.xw8ms7kfx77...@sveta.home.org
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Hi Neol,
Thank you. I have removed the file /etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration. At least there is
progress, unfortunately I am still baffled. This is the previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID
N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed
--
Kind regards
Stephen Feyrer
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Hi Miroslav,
Thank you. The conn section as presented below was copied and pasted from
web page for convenience (this stripped the leading white spaced from the
conn section). For the moment the white spaces are in form of TAB
characters. I will test with space characters and complete this email.
I Apologise for the lack of white spaces in the conn section of below
email. I have now tested with both spaces and tabs, each producing the
same error as below.
--
Kind regards
Stephen Feyrer.
On Sat, 18 Apr 2015 13:25:20 +0100, Miroslav Svoboda
goodmi...@goodmirek.cz wrote:
Hi Stephen,
I believe the issue might be caused as the conn section is not
compliant with prescribed format. There should be at least one
whitespace at the beginning of each line within the section. Only
sections can and shall start at the first character of the line.
Supposed correction:
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Regards,
Miroslav
Message: 3
Date: Fri, 17 Apr 2015 14:08:57 +0100
From: Stephen Feyrer stephen.fey...@btinternet.com
To: users@lists.strongswan.org
Subject: Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error,
unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Message-ID: op.xw8ms7kfx77...@sveta.home.org
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Hi Neol,
Thank you. I have removed the file /etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration. At least there is
progress, unfortunately I am still baffled. This is the previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID
N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed
--
Kind regards
Stephen Feyrer___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Hi,
I am hoping someone can help me. At first this looks like a simple error
but I don't think it is.
To put this into some context, so you can ignore this paragraph if you're
not interested.
A few months ago, I got my home PC - (Gentoo Linux) setup to VPN into the
office which is a Windows environment. Shortly after I moved house and my
phone line. Only at that time my ISP had a fault on the phone line at my
new house so no internet connection. Once the internet was resolved, the
first thing I did was update my PC. Next I found that my VPN was no
longer working. I was careful to look for messages that required
configuration updates, I saw none for StrongSwan.
Code:
* Starting ...
/etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting
NEWLINE or '{' or '=' [vpn]
invalid config file '/etc/strongswan.conf'
Starting strongSwan 5.2.2 IPsec [starter]...
Code:
# ipsec up vpn.office.com
/etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting
NEWLINE or '{' or '=' [vpn]
invalid config file '/etc/strongswan.conf'
initiating Main Mode IKE_SA vpn.office.com[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA vpn.office.com[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID
N(([Available On Request])) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'vpn.office.com' failed
The only other issue of note is that the behaviour of Networkmanager
appears to have changed during boot. Previously, there was a 1 second
wait, now that is gone. I have searched the web for similar issues and
found none.
The details of how my VPN came to be setup as it is are available here:
https://forums.gentoo.org/viewtopic-t-998042-postdays-0-postorder-asc-start-0.html
code:
# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files
charon {
load_modular = yes
plugins {
include strongswan.d/charon/*.conf
}
}
include strongswan.d/*.conf
code:
# strongswan.d/VPN.conf
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
At the time of writing I have just tried commenting out the whole of
VPN.conf and then going line by line uncommenting but now even with all
the lines uncommented, I get this message.
code:
# ipsec up VPN-OFFICE-COM
/etc/strongswan.d/Xerox.conf:15: syntax error, unexpected NAME, expecting
NEWLINE or '{' or '=' [VPN-OFFICE-COM]
invalid config file '/etc/strongswan.conf'
no config named 'VPN-OFFICE-COM'
Please help!
--
Kind regards
Stephen Feyrer___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Hi Neol,
Thank you. I have removed the file /etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration. At least there is
progress, unfortunately I am still baffled. This is the previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn VPN-OFFICE-COM
keyexchange=ikev1
type=transport
authby=secret
ike=3des-sha1-modp1024
rekey=no
left=%defaultroute
leftprotoport=udp/l2tp
right=vpn.office.com
rightprotoport=udp/l2tp
rightid=17.11.7.5
auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID
N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed
--
Kind regards
Stephen Feyrer
On Fri, 17 Apr 2015 11:49:04 +0100, Noel Kuntze n...@familie-kuntze.de
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Stephen,
The configuration for the conns go into /etc/ipsec.conf, not
/etc/strongswan.d or /etc/strongswan.conf.
Only the plugin and logger configurations go into /etc/stronswan,d/ or
/etc/strongswan.conf.
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 17.04.2015 um 12:27 schrieb Stephen Feyrer:
Hi,
I am hoping someone can help me. At first this looks like a simple
error but I don't think it is.
To put this into some context, so you can ignore this paragraph if
you're not interested.
A few months ago, I got my home PC - (Gentoo Linux) setup to VPN into
the office which is a Windows environment. Shortly after I moved house
and my phone line. Only at that time my ISP had a fault on the phone
line at my new house so no internet connection. Once the internet was
resolved, the first thing I did was update my PC. Next I found that my
VPN was no longer working. I was careful to look for messages that
required configuration updates, I saw none for StrongSwan.
Code:
* Starting ...
/etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting
NEWLINE or '{' or '=' [vpn]
invalid config file '/etc/strongswan.conf'
Starting strongSwan 5.2.2 IPsec [starter]...
Code:
# ipsec up vpn.office.com
/etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting
NEWLINE or '{' or '=' [vpn]
invalid config file '/etc/strongswan.conf'
initiating Main Mode IKE_SA vpn.office.com[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA
Re: [strongSwan] /etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]
Apologies!!! Thank you, Noel! -- Kind regards Stephen Feyrer. On Fri, 17 Apr 2015 14:08:57 +0100, Stephen Feyrer stephen.fey...@btinternet.com wrote: Hi Neol, Thank you. I have removed the file /etc/strongswan.d/VPN.conf In /etc/ipsec.conf I have the same configuration. At least there is progress, unfortunately I am still baffled. This is the previously working configuration. code: # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup # strictcrlpolicy=yes # uniqueids = no conn VPN-OFFICE-COM keyexchange=ikev1 type=transport authby=secret ike=3des-sha1-modp1024 rekey=no left=%defaultroute leftprotoport=udp/l2tp right=vpn.office.com rightprotoport=udp/l2tp rightid=17.11.7.5 auto=add Having restarted ipsec, I get the following result code: # ipsec up VPN-OFFICE-COM initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5 generating ID_PROT request 0 [ SA V V V V ] sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes) received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes) parsed ID_PROT response 0 [ SA V V ] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID received FRAGMENTATION vendor ID generating ID_PROT request 0 [ KE No NAT-D NAT-D ] sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes) received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes) parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ] received Cisco Unity vendor ID received XAuth vendor ID received unknown vendor ID: [Available On Request] received unknown vendor ID: [Available On Request] local host is behind NAT, sending keep alives generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes) received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes) parsed ID_PROT response 0 [ ID HASH V ] received DPD vendor ID IKE_SA VPN-OFFICE-COM[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5] generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID NAT-OA NAT-OA ] sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes) received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes) parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID N((24576)) NAT-OA ] received 28800s lifetime, configured 0s no acceptable traffic selectors found establishing connection 'VPN-OFFICE-COM' failed -- Kind regards Stephen Feyrer ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
