    Wednesday, October 10, 2012

    How to fix "unexpected KEYWORD, expecting $end [type]"

    This error is common and simple to fix. You may get it when trying to restart the ipsec service.

    If you get this error, follow the solution below.

    Error:
    # service ipsec restart
    failed to start openswan IKE daemon - the following error  occured:
    can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25:  syntax error, unexpected KEYWORD, expecting $end [type]
    Solution:
    Make sure that every parameter line inside ipsec.conf, that is, every line except the 'conn', 'version' and 'config' lines, starts with a TAB, as shown below:
    # vi /etc/ipsec.conf
    version 2.0     # conforms to second version of ipsec.conf specification
    # basic configuration
    config setup
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        interfaces=%defaultroute
        oe=off
    # Enable this if you see "failed to find any available worker"
        nhelpers=0
    
     #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
    conn sonicwall
        type=tunnel
        left=10.10.10.134              # Your local linux machine IP
        leftsubnet=10.10.10.0/24       # The subnet of your local Linux machine
        leftid=@GroupVPN               # Same as given in Sonicwall
        leftxauthclient=yes
        right=xxx.xxx.xxx.xxx          # Sonicwall VPN IP
        rightsubnet=192.168.0.0/24     # Sonicwall LAN subnet
        rightid=@xxxxxxxxxxx           # Sonicwall Unique Identifier
        rightxauthserver=yes
        keyingtries=0
        pfs=yes
        auto=add
        auth=esp
        esp=3DES-SHA1                  # protocol used for authentication in sonicwall
        ike=3DES-SHA1
        authby=secret
        aggrmode=yes
    Now you can start the services
    # service ipsec start
    or
    # ipsec setup --start
    ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.18-238.9.1.el5xen...
    ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
    For the complete Openswan configuration steps, including screenshots, see this page:
    openswan configuration in RedHat5
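
To find the offending line before restarting the service, the indentation rule above can be checked with a small script. This is an added example, not part of the original post or of Openswan; the function name `check_ipsec_indent` is hypothetical, and allowing `include` in column one is an assumption beyond the three keywords the post names.

```shell
#!/bin/sh
# Added example: list ipsec.conf parameter lines that start in column one.
# Lines beginning with 'version', 'config' or 'conn' (per the post) and
# comment lines may be unindented; 'include' is allowed as an assumption.
check_ipsec_indent() {
    awk '
        /^#/                                   { next }  # comment in column one
        /^(version|config|conn|include)[ \t]/  { next }  # section header line
        /^[^ \t]/ { printf "%d: %s\n", NR, $0; bad = 1 }  # unindented parameter
        END { exit bad }                                  # non-zero if any found
    ' "$1"
}

# Constructed sample input: "type=tunnel" is missing its leading TAB.
sample=$(mktemp)
printf 'version 2.0\nconfig setup\n\tprotostack=netkey\nconn sonicwall\ntype=tunnel\n\tauto=add\n' > "$sample"
check_ipsec_indent "$sample" || echo "indent the lines listed above, then restart ipsec"
rm -f "$sample"
```

On a real system, run `check_ipsec_indent /etc/ipsec.conf`; each reported line number corresponds to the position the parser names in its error message.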

    2 comments:

    1. man, you are a life saver. This is what was affecting me

    2. It's really helpful, saved my time.
