How to fix

How to fix "unexpected KEYWORD, expecting $end [type]"

This error is very common and simple which you might get when trying to restart ipsec services.How to fix

Please follow the below solution in case you get this error

 

Error: unexpected KEYWORD, expecting $end [type]

# service ipsec restart
failed to start openswan IKE daemon - the following error  occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25:  syntax error, unexpected KEYWORD, expecting $end [type]

 

Solution:

Make sure that all the parameters inside ipsec.conf except 'conn', 'version' and 'config' are started after a TAB like as shown below

# vi /etc/ipsec.conf
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls:  "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
# Enable this if you see "failed to find any available worker"
    nhelpers=0

 #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
conn sonicwall
    type=tunnel
    left=10.10.10.134              # Your local linux machine IP
    leftsubnet=10.10.10.0/24       # The subnet of your local Linux machine
    leftid=@GroupVPN               # Same as given in Sonicwall
    leftxauthclient=yes
    right=xxx.xxx.xxx.xxx          # Sonicwall VPN IP
    rightsubnet=192.168.0.0/24     # Sonicwall LAN subnet
    rightid=@xxxxxxxxxxx           # Sonicwall Unique Identifier
    rightxauthserver=yes
    keyingtries=0
    pfs=yes
    auto=add
    auth=esp
    esp=3DES-SHA1                  # protocol used for authentication in sonicwall
    ike=3DES-SHA1
    authby=secret
    aggrmode=yes

Now you can start the services

# service ipsec start
or
# ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.18-238.9.1.el5xen...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled

For complete configuration steps of openswan including screenshots follow this page
openswan configuration in RedHat5

 

Read Also:
Install & Configure OpenVPN Server Easy-RSA 3 (RHEL/CentOS 7) in Linux

3 thoughts on “How to fix "unexpected KEYWORD, expecting $end [type]"”

Leave a Comment