[Openswan Users] Openswan ipsec.conf question

J. Nyhuis cabal at u.washington.edu
Thu Jun 24 15:07:49 CEST 2004 

On Tue, 22 Jun 2004, Nate Carlson wrote:
> On Tue, 22 Jun 2004, J. Nyhuis wrote:
> > Thank you much for trying to assist me.  I had already tried the
> > interfaces="ipsec0=eth0:0" line, and recieve the following error:
> >
> > server:/etc > service ipsec start
> > ipsec_setup: (/etc/ipsec.conf, line 17) section header
> > "interfaces=ipsec0=eth0:0" has wrong number of fields (1) -- `start' aborted
>
> Are you quoting it properly? IE,
> interfaces="ipsec0=eth0:0"?

I believe I am quoting it properly with the quotes around the
ipsec0=eth0:0 part.
my kernal=2.4.20-24.9
my rpm=openswan-2.1.2-1.fc2
I have included my ipsec.conf.
I can't see any reason why ipsec would choak on my interfaces line.
Can someone please show me what I am doing wrong?
Should I report this as a bug?

version 2.0     # conforms to second version of ipsec.conf specification
# Edited by John N. 6-18-04, cabal at u.washington.edu
# server and network is "right"
# Roaming computer is "left"
# basic configuration
config setup
interfaces="ipsec0=eth0:0"
klipsdebug=none
plutodebug=none
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=all
        # plutodebug=dns
plutoload=%search
plutostart=%search

# Add connections here.
conn %default
keyingtrys=1
conn Road-Central
left=0.0.0.0                      # the laptop to be connected has an unknown IP address
leftsubnet=                       # only connect to the laptop in question, not a network
leftnexthop=                      # routing info from the laptop is unknown
right=128.208.120.66              # CSI's realworld VPN IP address
rightsubnet=10.30.11.0/24         # CSI subnet to route too
rightnexthop=128.208.120.100      # the router CSI goes through
auto=add
authby=rsasig
leftid=                           # laptop does not have a domain name
rightid=vpn.csi.washington.edu    # CSI's FQDN
leftrsasigkey=                    #
rightsasigkey=(removed to protect the innocent)

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


	Thanks again,
John H. Nyhuis
Computer Specialist I
Cell Systems Initiative
Dept. of BioEngineering
University of Washington
Desk: (206)-732-6148
Fax: (206)-732-6033
cabal at u.washington.edu

More information about the Users mailing list