[Openswan Users] duplicate key error when ipsec auto --add connection

Liviu Nicoara nicoara at roguewave.com
Wed Jun 4 10:22:31 EDT 2008


Paul Wouters wrote:
> On Wed, 4 Jun 2008, Liviu Nicoara wrote:
> 
>> I am trying for a couple of days now to set up a connection to my
>> office using OpenSWAN 2.5.16, with little success.
> [...]
> That line should be:
> if test -f $ipsecversion && test -f $netkey
> [...]
> That is because you started it differently. Do the one line fix
> above and run the init script to start or run "ipsec setup start"

Paul, thanks for the prompt reply. The situation is much better now:

~# ipsec setup start
duplicate key '' in conn theoffice while processing def theoffice
while loading 'theoffice': duplicate key '' in conn theoffice while
processing def theoffice
ipsec_setup: Starting Openswan IPsec 2.5.16...
ipsec_setup: WARNING: interfaces= is ignored when using the NETKEY stack
ipsec_setup: Trying hardware random, this may fail, which is okay.
ipsec_setup: Trying to load all NETKEY modules:xfrm6_tunnel
xfrm6_mode_tunnel xfrm6_mode_beet xfrm6_mode_ro xfrm6_mode_transport
xfrm4_mode_transport xfrm4_mode_tunnel xfrm4_tunnel xfrm4_mode_beet
esp4 esp6 ah4 ah6 ipcomp ipcomp6 af_key
ipsec_setup: Trying VIA padlock driver, this may fail, which is okay.
ipsec_setup: Trying to load Crypto API modules, some may fail, which
is okay.
ipsec_setup: aes-x86_64 aes des sha512 sha256 md5 cbc xcbc ecb twofish
blowfish serpent

ipsec_setup: duplicate key '' in conn theoffice while processing def
theoffice
ipsec_setup: while loading 'theoffice': duplicate key '' in conn
theoffice while processing def theoffice

~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.5.16/K2.6.25.4 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'curl' command for CRL fetching                    [OK]
Opportunistic Encryption Support                                [DISABLED]

As you can see above, the only remaining issue is the duplicate key in
my connection definition. I am re-attaching it here hoping that you,
or anybody else, might spot the issue (I couldn't). In the meantime, I
will try to debug it myself (have already spotted the parser code).

Thanks again!

Liviu

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: theoffice.conf
Url: http://lists.openswan.org/pipermail/users/attachments/20080604/3fdafab6/attachment.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.conf
Url: http://lists.openswan.org/pipermail/users/attachments/20080604/3fdafab6/attachment-0001.pl 

