<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; color: rgb(51, 51, 51); ">Cheers, <br><br>I am trying to set up a host-to-host connection using manual keying between two virtual machines but I get the following:<br>
<span style="background-color: rgb(255, 255, 255); "></span><span style="background-color: rgb(255, 255, 255); "><font></font></span><br><blockquote class="gmail_quote" style="border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); margin-top: 0pt; margin-right: 0pt; margin-bottom: 0pt; margin-left: 0.8ex; padding-left: 1ex; ">
<i><span style="background-color: rgb(255, 255, 255); "><font>ipsec_setup: can not load config '/etc/ipsec.conf': /etc/ipsec.conf:102: syntax error, unexpected STRING [spi]</font></span></i></blockquote><div><br>when I try to restart the ipsec service in order to reload the configuration file.<br>
</div><div><br>This is my ipsec.conf:<br><br><blockquote><blockquote class="gmail_quote" style="border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); margin-top: 0pt; margin-right: 0pt; margin-bottom: 0pt; margin-left: 0.8ex; padding-left: 1ex; ">
<i># /etc/ipsec.conf - Openswan IPsec configuration file</i><br><i># RCSID $Id: <a href="http://ipsec.conf.in/" target="_blank" style="color: rgb(54, 68, 82); ">ipsec.conf.in</a>,v 1.16 2005/07/26 12:29:45 ken Exp $</i><br>
<br><i># This file: /usr/local/share/doc/openswan/ipsec.conf-sample</i><br><i>#</i><br><i># Manual: ipsec.conf.5</i><br><br><br><i>version 2.0 # conforms to second version of ipsec.conf specification</i><br><br>
<i># basic configuration</i><br><i>config setup</i><br><i> # Do not set debug options to debug configuration issues!</i><br><i> # plutodebug / klipsdebug = "all", "none" or a combation from below:</i><br>
<i> # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"</i><br><i> # eg:</i><br><i> # plutodebug="control parsing"</i><br><i> #</i><br><i> # enable to get logs per-peer</i><br>
<i> # plutoopts="--perpeerlog"</i><br><i> #</i><br><i> # Again: only enable plutodebug or klipsdebug when asked by a developer</i><br><i> #</i><br><i> # NAT-TRAVERSAL support, see README.NAT-Traversal</i><br>
<i> nat_traversal=yes</i><br><i> # exclude networks used on server side by adding %v4:!a.b.c.0/24</i><br><i> virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12" target="_blank" style="color: rgb(54, 68, 82); ">10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12</a></i><br>
<i> # OE is now off by default. Uncomment and change to on, to enable.</i><br><i> oe=off</i><br><i> # which IPsec stack to use. netkey,klips,mast,auto or none</i><br><i> protostack=netkey</i><br><i> </i><br>
<br><i># Add connections here</i><br><br><i># sample VPN connection</i><br><i># for more examples, see /etc/ipsec.d/examples/</i><br><i>#conn sample</i><br><i># # Left security gateway, subnet behind it, nexthop toward right.</i><br>
<i># left=10.0.0.1</i><br><i># leftsubnet=<a href="http://172.16.0.0/24" target="_blank" style="color: rgb(54, 68, 82); ">172.16.0.0/24</a></i><br><i># leftnexthop=10.22.33.44</i><br><i># # Right security gateway, subnet behind it, nexthop toward left.</i><br>
<i># right=10.12.12.1</i><br><i># rightsubnet=<a href="http://192.168.0.0/24" target="_blank" style="color: rgb(54, 68, 82); ">192.168.0.0/24</a></i><br><i># rightnexthop=10.101.102.103</i><br><i># # To authorize this connection, but not actually start it, </i><br>
<i># # at startup, uncomment this.</i><br><i># #auto=start</i><br><i>conn myvmpp</i><br><i> #</i><br><i> # Simple use raw RSA keys</i><br><i> # After starting openswan, run: ipsec showhostkey --left (or --right)</i><br>
<i> # and fill in the connection similarly to the example below.</i><br><i> #</i><br><i> left=172.16.33.129</i><br><i> # optional</i><br><i> # leftsubnet=<a href="http://10.0.1.0/24" target="_blank" style="color: rgb(54, 68, 82); ">10.0.1.0/24</a></i><br>
<i> # leftid=@<a href="http://bofh.xelerance.com/" target="_blank" style="color: rgb(54, 68, 82); ">bofh.xelerance.com</a></i><br><i> leftrsasigkey=0sAQNyKLugz6RekDX0Uau4xCdRigqxhZT9kLKn/C0nJSBaRcvTCZTMWPIRKJP4xkNSk1ju77QH6AAEnqT1MG1/simiTQwAzmI0YxLi09h1wz9LqBso8/Ce65c4u+RViL5aeT42yqJgS3M2yZr08lXZdZU/utX4TIx1cBSNuiWpYDQOZiGJgiIwyGw79mNgTLN9PQX4Re9HRi20VLXcu5J+11c9H9Rvk/KtGfuz6hBCc9IllfWjeovEQNLBNlwoJKcha+Qijn5a/KXOvfgeCNs7wyNAsAQzqNAZ/Xp3HEHvb4Euf5EiElFkk//MTBs3m5kDNrhdAJfSvofwn6UIbyvwcqvIcNA5lnHLYJ30/yFmCYzKJltz</i><br>
<br><i> # The remote user.</i><br><i> #</i><br><i> right=172.16.33.128</i><br><i> # rightid=@<a href="http://tla.xelerance.com/" target="_blank" style="color: rgb(54, 68, 82); ">tla.xelerance.com</a></i><br><i> # optional</i><br>
<i> # rightsubnet=<a href="http://10.0.2.0/24" target="_blank" style="color: rgb(54, 68, 82); ">10.0.2.0/24</a></i><br><i> rightrsasigkey=0sAQPbiBiec9OisId37KrPLH2EBvjU8e2zQsxwz1s3TNzZC+CLEaTkDRP5VoBnB7rdpmzM7zOadXjGii9/3xCkxe0veC6txPQ3KP6QVg46Hn5MpOvJnC439z89AOcGFbxWRrLzbFx6spSgfegmniTVEMURDSOCR8nTEQA3KGcqXScuCqE35hBJjWYOkI0uFsIHXx2DzfsHcsf94WDBkUrc6x/+3m6e0jLkj9DPd2wivqaGvc5lmveTGKXgKCYTUHM19wkuAMKYaZYW0VnjdA4+GdKIZS7++WDdfwKgOZaYq+DDP7NT6MpZmp/mPQeXfCbgyztQK99ADEt84v28eHG1wdufiLMo/ONYft8Xd1OWgEwt/SXN</i><br>
<i> type=tunnel</i><br><i> auto=add</i><br><br><i>conn manualkey</i><br><i> ### left host (public-network address)</i><br><i> left=172.16.33.129</i><br><br><i> ### right host</i><br><i> right=172.16.33.128</i><br>
<br><i> ### (manual) SPI number</i><br><i> spi=0x300</i><br><i> # (manual) encryption/authentication algorithm and parameters to it</i><br><i> esp=3des-md5-96</i><br><i> espenckey=0x00000000_00000000_00000000_00000000_00000000_00000001</i><br>
<i> espauthkey=0x000000_00000000_00000000_00000001 </i><br></blockquote><i><br><br>I guess this is a newbie question but I did not find anything related to this on Google.<br><br>Thanks,<br></i><span>Andrei Tuţu</span></blockquote>
</div></span>