<div dir="ltr"><div><div>awesome, you are amazing!<br><br></div>who would had thought just an indent would have stopped the config file from running<br><br>[root@vpn ~]# ipsec verify<br>Verifying installed system and configuration files<br><br>Version check and ipsec on-path [OK]<br>Libreswan 3.15 (netkey) on 2.6.32-642.el6.x86_64<br>Checking for IPsec support in kernel [OK]<br> NETKEY: Testing XFRM related proc values<br> ICMP default/send_redirects [NOT DISABLED]<br><br> Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will act on or cause sending of bogus ICMP redirects!<br><br> ICMP default/accept_redirects [NOT DISABLED]<br><br> Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will act on or cause sending of bogus ICMP redirects!<br><br> XFRM larval drop [OK]<br>Pluto ipsec.conf syntax [OK]<br>Hardware random device [N/A]<br>Checking rp_filter [ENABLED]<br> /proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]<br> /proc/sys/net/ipv4/conf/lo/rp_filter [ENABLED]<br> /proc/sys/net/ipv4/conf/eth0/rp_filter [ENABLED]<br> rp_filter is not fully aware of IPsec and should be disabled<br>Checking that pluto is running [OK]<br> Pluto listening for IKE on udp 500 [OK]<br> Pluto listening for IKE/NAT-T on udp 4500 [OK]<br> Pluto ipsec.secret syntax [OK]<br>Checking 'ip' command [OK]<br>Checking 'iptables' command [OK]<br>Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options [OK]<br>Opportunistic Encryption [DISABLED]<br><br>ipsec verify: encountered 9 errors - see 'man ipsec_verify' for help<br>[root@vpn ~]#<br><br></div><div>i dont know what the 9 errors are but it says everything is ok<br></div><div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 3 November 2016 at 13:16, Samir Hussain <span dir="ltr"><<a href="mailto:shussain@xelerance.com" target="_blank">shussain@xelerance.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p> Your conn command is indented which seems to be causing the
problem. Please remove any spacing/tab so it is at the left most
edge.</p>
<p><br>
</p>
That should hopefully fix any issues with your config. <br>
<br>
Samir<br>
<br>
<div class="m_-5565097971437842250moz-cite-prefix">On 2016-11-03 09:03 AM, robert k Wild
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">[root@vpn ~]# service ipsec start<br>
Starting pluto IKE daemon for IPsec: cannot load config
'/etc/ipsec.conf': /etc/ipsec.conf:14: syntax error, unexpected
CONN [conn]<br>
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:14: syntax
error, unexpected CONN [conn]<br>
unknown stack<br>
cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:14: syntax
error, unexpected CONN [conn]<br>
..... <wbr>
[FAILED]<br>
[root@vpn ~]#<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 3 November 2016 at 12:54, Samir
Hussain <span dir="ltr"><<a href="mailto:shussain@xelerance.com" target="_blank">shussain@xelerance.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Could you
also provide the output when you start the ipsec service
please<br>
<br>
<br>
On 2016-11-03 08:51 AM, robert k Wild wrote:<br>
> mmm...<br>
><br>
> i still getting an error message, not the same but
another syntax error<br>
><br>
<br>
</blockquote>
</div>
<br>
<br clear="all"><span class="HOEnZb"><font color="#888888">
<br>
-- <br>
<div class="m_-5565097971437842250gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">Regards, <br>
<br>
Robert K Wild.<br>
</div>
</div>
</font></span></div>
</blockquote>
<br>
</div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Regards, <br><br>Robert K Wild.<br></div></div>
</div>