[Openswan Users] freeswan client and Netscreen

Sascha.Grau at Stud.Tu-Ilmenau.De Sascha.Grau at Stud.Tu-Ilmenau.De
Fri Jan 21 14:45:46 CET 2005

> Where i want to restart ipsec i received a message:
> /sbin/service ipsec stop
> ipsec_setup: (/etc/ipsec.conf, line 34) parameter is not within a section>  --
> `stop' aborted
Did you comment a line in a conn section which was not the last line of it ? I got this error too.
So do not do:

conn test
# foo2=bar2

Instead set the comment to the end. I think the line will be cleared during parsing and Openswan
will handle it at the end of the conn section.

> 9) If you have successfully connected client freeswan/openswan
> with Netscreen 5GT can you send me right config file for freeswan ?

I am operating Openswan-2.3.0 with a Netscreen208 device. All works fine except some issues using
xauth (rekeying issue) or xauth/mode-cfg (netscreen shows non-standard behaviour).
The posted parts of your config seem ok.

> 10) Windows client work properly with Netscreen.
> I use aggressive mode and psk and seed.
> I know that freeswan do not support 
> aggressive mode and i can reconfigure nestcreen for main mode

Use the current Openswan version instead, it supports Aggressive Mode. But there are some rekeying
problems with it. 

Do NOT use PSK+Main Mode in Roadwarrior setups.

Sascha Grau

More information about the Users mailing list