[Openswan Users] Strange error on start: duplicate key '' in conn vpc-to-vpc while processing def vpc-to-vpc

AJ Bahnken aj.bahnken at procore.com
Wed Jun 1 15:05:39 EDT 2016


Hello everyone,

I've been trying to debug this problem for a while now. I have a fairly
simple Openswan setup based off of
http://aws.amazon.com/articles/5472675506466066 that I am trying to get
working. Annoyingly, when I originally went through this tutorial
everything worked as expected. Now that I've converted it into Puppet code,
I am getting a strange error that I can't seem to debug.

The error is:
ajvb at ip-10-0-0-1 ~$ sudo service ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-85-generic...

ipsec_setup: duplicate key '' in conn vpc-to-vpc while processing def vpc-to-vpc
ipsec_setup: while loading 'vpc-to-vpc': duplicate key '' in conn vpc-to-vpc while processing def vpc-to-vpc

Config File (slightly sanitized):
ajvb at ip-10-0-0-1 ~$ cat /etc/ipsec.conf
version 2.0

config setup
  nat_traversal=yes
  oe=off
  protostack=netkey

conn vpc-to-vpc
  type=tunnel
  authby=secret
  left=%defaultroute
  left=52.xxx.xxx.xxx
  leftnexthop=%defaultroute
  leftsubnet=10.0.0.0/16
  right=52.xxx.xxx.xxx
  rightsubnet=172.16.0.0/16
  pfs=yes
  auto=start


System Information:
ajvb at ip-10-0-0-1 ~$ uname -a
Linux ip-10-0-0-1 3.13.0-85-generic #129-Ubuntu SMP Thu Mar 17 20:50:15 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
ajvb at ip-10-0-0-1 ~$ ipsec --version
Linux Openswan U2.6.38/K3.13.0-85-generic (netkey)

IPSec Verify:
sudo ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.38/K3.13.0-85-generic (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [OK]
        [OK]
        [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


I've seen this error referenced a few places online, but there isn't really
any discussion as to what causes it or how it was fixed.

Any help would be appreciated. Thanks!


Sincerely,
AJ


-- 

*AJ Bahnken*
Site Reliability Engineer  |  *Procore*
6309 Carpinteria Ave  |  Carpinteria, CA 93013
aj.bahnken at procore.com  |  LinkedIn <https://www.linkedin.com/in/ajvbahnken>
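Added example, not part of the original message and not Openswan code: a small Python check that reports any parameter set more than once within one section of an ipsec.conf, run here on the configuration posted above, where `left` appears twice in conn vpc-to-vpc. It assumes the "duplicate key" message refers to such a repeated parameter; the function and constant names are hypothetical.

```python
import re
from collections import defaultdict

# Configuration copied from the post (addresses already sanitized by the poster).
SAMPLE_CONF = """\
version 2.0

config setup
  nat_traversal=yes
  oe=off
  protostack=netkey

conn vpc-to-vpc
  type=tunnel
  authby=secret
  left=%defaultroute
  left=52.xxx.xxx.xxx
  leftnexthop=%defaultroute
  leftsubnet=10.0.0.0/16
  right=52.xxx.xxx.xxx
  rightsubnet=172.16.0.0/16
  pfs=yes
  auto=start
"""

SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)")   # section headers start in column 0
PARAM_RE = re.compile(r"^\s+([A-Za-z0-9_-]+)\s*=")   # parameters are indented key=value

def find_duplicate_keys(text):
    """Return [(section, key, [line numbers])] for keys set more than once in a section."""
    seen = defaultdict(list)  # (section, key) -> line numbers where the key is set
    section = None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        m = SECTION_RE.match(line)
        if m:
            section = f"{m.group(1)} {m.group(2)}"
            continue
        m = PARAM_RE.match(line)
        if m and section:
            seen[(section, m.group(1))].append(lineno)
    return [(s, k, nums) for (s, k), nums in seen.items() if len(nums) > 1]

if __name__ == "__main__":
    for section, key, nums in find_duplicate_keys(SAMPLE_CONF):
        print(f"{section}: '{key}' set on lines {nums}")
```

Running the same check against the file a Puppet template renders, before restarting ipsec, catches a repeated parameter introduced by the template.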