<div dir="ltr"><div><div><div>For anyone in the future reading this, the problem was really simple. In the config, I had two `left` assignments and no `leftid`.<br><br></div>Instead of:<br><span style="font-family:monospace,monospace"> left=%defaultroute<br> left=52.xxx.xxx.xxx<br><br></span></div>It should be:<br><span style="font-family:monospace,monospace"> left=%defaultroute<br> leftid=52.xxx.xxx.xxx<br><br></span></div><span style="font-family:monospace,monospace"></span></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 1, 2016 at 12:05 PM, AJ Bahnken <span dir="ltr"><<a href="mailto:aj.bahnken@procore.com" target="_blank">aj.bahnken@procore.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Hello everyone,<br><br></div>I've been trying to debug this problem for a while now. I have a fairly simple Openswan setup based off of <a href="http://aws.amazon.com/articles/5472675506466066" target="_blank">http://aws.amazon.com/articles/5472675506466066</a> that I am trying to get working. Annoyingly, when I originally went through this tutorial everything worked as expected. Now that I've converted it into Puppet code, I am getting a strange error that I can't seem to debug.<br><br></div>The error is:<br><span style="font-family:monospace,monospace">ajvb@ip-10-0-0-1 ~$ sudo service ipsec restart<br>ipsec_setup: Stopping Openswan IPsec...<br>ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-85-generic...<b><br>ipsec_setup: duplicate key '' in conn vpc-to-vpc while processing def vpc-to-vpc<br>ipsec_setup: while loading 'vpc-to-vpc': duplicate key '' in conn vpc-to-vpc while processing def vpc-to-vpc</b></span><br><br clear="all"><div><div><div>Config File (slightly sanitized):<br><span style="font-family:monospace,monospace">ajvb@ip-10-0-0-1 ~$ cat /etc/ipsec.conf<br>version 2.0<br><br>config setup<br> nat_traversal=yes<br> oe=off<br> protostack=netkey<br><br>conn vpc-to-vpc<br> type=tunnel<br> authby=secret<br> left=%defaultroute<br> left=52.xxx.xxx.xxx<br> leftnexthop=%defaultroute<br> leftsubnet=<a href="http://10.0.0.0/16" target="_blank">10.0.0.0/16</a><br> right=52.xxx.xxx.xxx<br> rightsubnet=<a href="http://172.16.0.0/16" target="_blank">172.16.0.0/16</a><br> pfs=yes<br> auto=start</span><br><br><br>System Information:<br><span style="font-family:monospace,monospace">ajvb@ip-10-0-0-1 ~$ uname -a<br>Linux ip-10-0-0-1 3.13.0-85-generic #129-Ubuntu SMP Thu Mar 17 20:50:15 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux<br>ajvb@ip-10-0-0-1 ~$ ipsec --version<br>Linux Openswan U2.6.38/K3.13.0-85-generic (netkey)</span><br><br></div><div>IPSec Verify:<br><span style="font-family:monospace,monospace">sudo ipsec verify<br>Checking your system to see if IPsec got installed and started correctly:<br>Version check and ipsec on-path [OK]<br>Linux Openswan U2.6.38/K3.13.0-85-generic (netkey)<br>Checking for IPsec support in kernel [OK]<br> SAref kernel support [N/A]<br> NETKEY: Testing XFRM related proc values [OK]<br> [OK]<br> [OK]<br>Checking that pluto is running [OK]<br> Pluto listening for IKE on udp 500 [OK]<br> Pluto listening for NAT-T on udp 4500 [OK]<br>Checking for 'ip' command [OK]<br>Checking /bin/sh is not /bin/dash [WARNING]<br>Checking for 'iptables' command [OK]<br>Opportunistic Encryption Support [DISABLED]</span><br></div><div><br><br></div><div>I've seen this error referenced a few places online, but there isn't really any discussion as to what causes it or how it was fixed.<br><br></div><div>Any help would be appreciated. Thanks!<br></div><div><br><br></div><div>Sincerely,<br></div><div>AJ<br></div><div><br></div><div><br>-- <br><div data-smartmail="gmail_signature"><br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:rgb(77,77,77)"><b>AJ Bahnken</b><br> Site Reliability Engineer | <b style="color:rgb(245,128,37)">Procore</b><br> 6309 Carpinteria Ave | Carpinteria, CA 93013<br> <a href="mailto:aj.bahnken@procore.com" style="color:rgb(245,128,37)" target="_blank">aj.bahnken@procore.com</a> | <a href="https://www.linkedin.com/in/ajvbahnken" style="color:rgb(245,128,37)" target="_blank">LinkedIn</a><br> <br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:rgb(77,77,77)"><b><a href="http://jobsite.procore.com" style="color:rgb(244,126,66)" target="_blank">Have you visited our Jobsite?</a></b></span><br> <br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:rgb(77,77,77)"><img alt="Procore" src="https://www.procore.com/images/procore_logo_email.png" height="20" border="0" width="156"></span><br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:rgb(77,77,77)"><a href="http://www.procore.com" style="color:rgb(245,128,37)" target="_blank">www.procore.com</a> | <a href="http://www.linkedin.com/company/procore-technologies" style="color:rgb(245,128,37)" target="_blank">LinkedIn</a> | <a href="http://www.facebook.com/procore.tech" style="color:rgb(245,128,37)" target="_blank">Facebook</a> | <a href="http://www.twitter.com/procoretech" style="color:rgb(245,128,37)" target="_blank">Twitter</a> | <a href="http://www.youtube.com/user/ProcoreVideo" style="color:rgb(245,128,37)" target="_blank">YouTube</a></span><br> <br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:rgb(136,136,136)">Procore Technologies, Inc., the world's number one most widely used construction management software, helps firms drastically increase project efficiency and accountability by streamlining and mobilizing project communication and documentation. Users manage all types of construction projects including industrial plants, office buildings, apartment complexes, university facilities, retail centers, and more.</span></span></div>
</div></div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:#4d4d4d"><strong>AJ Bahnken</strong><br> Site Reliability Engineer | <strong style="color:#f58025">Procore</strong><br> 6309 Carpinteria Ave | Carpinteria, CA 93013<br> <a href="mailto:aj.bahnken@procore.com" style="color:#f58025" target="_blank">aj.bahnken@procore.com</a> | <a href="https://www.linkedin.com/in/ajvbahnken" style="color:#f58025" target="_blank">LinkedIn</a><br> <br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:#4d4d4d"><strong><a href="http://jobsite.procore.com" style="color:#f47e42" target="_blank">Have you visited our Jobsite?</a></strong></span><br> <br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:#4d4d4d"><img alt="Procore" border="0" height="20" src="https://www.procore.com/images/procore_logo_email.png" width="156"></span><br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:#4d4d4d"><a href="http://www.procore.com" style="color:#f58025" target="_blank">www.procore.com</a> | <a href="http://www.linkedin.com/company/procore-technologies" style="color:#f58025" target="_blank">LinkedIn</a> | <a href="http://www.facebook.com/procore.tech" style="color:#f58025" target="_blank">Facebook</a> | <a href="http://www.twitter.com/procoretech" style="color:#f58025" target="_blank">Twitter</a> | <a href="http://www.youtube.com/user/ProcoreVideo" style="color:#f58025" target="_blank">YouTube</a></span><br> <br> <span style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:18px;color:#888888">Procore Technologies, Inc., the world's number one most widely used construction management software, helps firms drastically increase project efficiency and accountability by streamlining and mobilizing project communication and documentation. Users manage all types of construction projects including industrial plants, office buildings, apartment complexes, university facilities, retail centers, and more.</span></span></div>
</div>