How to fix "unexpected KEYWORD, expecting $end [type]"

How to fix "unexpected KEYWORD, expecting $end [type]"

This error is very common and simple which you might get when trying to restart ipsec services.How to fix "unexpected KEYWORD, expecting $end [type]"

Please follow the below solution in case you get this error

 

Error: unexpected KEYWORD, expecting $end [type]

# service ipsec restart
failed to start openswan IKE daemon - the following error  occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25:  syntax error, unexpected KEYWORD, expecting $end [type]

 

Solution:

Make sure that all the parameters inside ipsec.conf except 'conn', 'version' and 'config' are started after a TAB like as shown below

# vi /etc/ipsec.conf
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls:  "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
# Enable this if you see "failed to find any available worker"
    nhelpers=0

 #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
conn sonicwall
    type=tunnel
    left=10.10.10.134              # Your local linux machine IP
    leftsubnet=10.10.10.0/24       # The subnet of your local Linux machine
    leftid=@GroupVPN               # Same as given in Sonicwall
    leftxauthclient=yes
    right=xxx.xxx.xxx.xxx          # Sonicwall VPN IP
    rightsubnet=192.168.0.0/24     # Sonicwall LAN subnet
    rightid=@xxxxxxxxxxx           # Sonicwall Unique Identifier
    rightxauthserver=yes
    keyingtries=0
    pfs=yes
    auto=add
    auth=esp
    esp=3DES-SHA1                  # protocol used for authentication in sonicwall
    ike=3DES-SHA1
    authby=secret
    aggrmode=yes

Now you can start the services

# service ipsec start
or
# ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.18-238.9.1.el5xen...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled

For complete configuration steps of openswan including screenshots follow this page
openswan configuration in RedHat5

 

Read Also:
Install & Configure OpenVPN Server Easy-RSA 3 (RHEL/CentOS 7) in Linux

3 thoughts on “How to fix "unexpected KEYWORD, expecting $end [type]"”

Leave a Comment