[Openswan Users] manual keying problem

tutu andrei tandr3i at gmail.com
Tue Apr 6 11:54:10 EDT 2010


Cheers,

I am trying to set up a host-to-host connection using manual keying between
two virtual machines but I get the following:

ipsec_setup: can not load config '/etc/ipsec.conf': /etc/ipsec.conf:102: syntax error, unexpected STRING [spi]


when I try to restart the ipsec service in order to reload the configuration
file.

This is my ipsec.conf:

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $

# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combation from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey


# Add connections here

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
#        # Left security gateway, subnet behind it, nexthop toward right.
#        left=10.0.0.1
#        leftsubnet=172.16.0.0/24
#        leftnexthop=10.22.33.44
#        # Right security gateway, subnet behind it, nexthop toward left.
#        right=10.12.12.1
#        rightsubnet=192.168.0.0/24
#        rightnexthop=10.101.102.103
#        # To authorize this connection, but not actually start it,
#        # at startup, uncomment this.
#        #auto=start
conn myvmpp
    #
    # Simple use raw RSA keys
    # After starting openswan, run: ipsec showhostkey --left (or --right)
    # and fill in the connection similarly to the example below.
    #
    left=172.16.33.129
    # optional
    # leftsubnet=10.0.1.0/24
    # leftid=@bofh.xelerance.com
    leftrsasigkey=0sAQNyKLugz6RekDX0Uau4xCdRigqxhZT9kLKn/C0nJSBaRcvTCZTMWPIRKJP4xkNSk1ju77QH6AAEnqT1MG1/simiTQwAzmI0YxLi09h1wz9LqBso8/Ce65c4u+RViL5aeT42yqJgS3M2yZr08lXZdZU/utX4TIx1cBSNuiWpYDQOZiGJgiIwyGw79mNgTLN9PQX4Re9HRi20VLXcu5J+11c9H9Rvk/KtGfuz6hBCc9IllfWjeovEQNLBNlwoJKcha+Qijn5a/KXOvfgeCNs7wyNAsAQzqNAZ/Xp3HEHvb4Euf5EiElFkk//MTBs3m5kDNrhdAJfSvofwn6UIbyvwcqvIcNA5lnHLYJ30/yFmCYzKJltz

    # The remote user.
    #
    right=172.16.33.128
    # rightid=@tla.xelerance.com
    # optional
    # rightsubnet=10.0.2.0/24
    rightrsasigkey=0sAQPbiBiec9OisId37KrPLH2EBvjU8e2zQsxwz1s3TNzZC+CLEaTkDRP5VoBnB7rdpmzM7zOadXjGii9/3xCkxe0veC6txPQ3KP6QVg46Hn5MpOvJnC439z89AOcGFbxWRrLzbFx6spSgfegmniTVEMURDSOCR8nTEQA3KGcqXScuCqE35hBJjWYOkI0uFsIHXx2DzfsHcsf94WDBkUrc6x/+3m6e0jLkj9DPd2wivqaGvc5lmveTGKXgKCYTUHM19wkuAMKYaZYW0VnjdA4+GdKIZS7++WDdfwKgOZaYq+DDP7NT6MpZmp/mPQeXfCbgyztQK99ADEt84v28eHG1wdufiLMo/ONYft8Xd1OWgEwt/SXN
    type=tunnel
    auto=add

conn manualkey
    ### left host (public-network address)
    left=172.16.33.129

    ### right host
    right=172.16.33.128

    ### (manual) SPI number
    spi=0x300
    # (manual) encryption/authentication algorithm and parameters to it
    esp=3des-md5-96
    espenckey=0x00000000_00000000_00000000_00000000_00000000_00000001
    espauthkey=0x000000_00000000_00000000_00000001

I guess this is a newbie question but I did not find anything related to
this on Google.

Thanks,
Andrei Tuţu