[Openswan Users] virtual_private syntax error???

DeShawn deshawn at rocketmail.com
Sun Feb 22 00:34:43 EST 2009

I have a working OpenSWAN 2.6.20 installed. I can connect roadwarriors that have a public ip (no NAT) using x509 certificates. My next step is getting NAT-T working.

I'm using OpenSWAN 2.6.20, Kernel 2.6.28 (vanilla), and NETKEY.
I have the private networks and on my router.

In my /etc/ipsec.conf, I specified the following...

config setup

"ipsec setup start" starts ipsec well enough, however I can't connect my roadwarriors from behind a NAT. After some investigation, I found
[ ~ ]# ipsec auto status
000 virtual_private (%priv):
000 - allowed 3 subnets:,,
000 - disallowed 2 subnets:,
000 WARNING: Either virtual_private= was not specified, or there was a syntax 
000          error in that line. 'left/rightsubnet=%priv' will not work!
And sure enough, when I entered


"ipsec setup start" failed to start ipsec correctly

A syntax error??? I don't get it, I copied and pasted the line straight from the man page and various examples from across the internet. I even tried just the IETF defined private networks and removing the v from %v4 for %4.


But I still get the "WARNING: Either virtual_private= was not specified, or there was a syntax error in that line. 'left/rightsubnet=%priv' will not work!" error from "ipsec auto status", and if I include "rightsubnet=vhost:%no,%priv", IPSec fails to start.

What is the syntax error? What am I doing wrong??

