[Openswan Users] Strange error on start: duplicate key '' in conn vpc-to-vpc while processing def vpc-to-vpc

AJ Bahnken aj.bahnken at procore.com
Sun Jun 5 14:29:18 EDT 2016 

For anyone in the future reading this, the problem was really simple. In
the config, I had two `left` assignments and no `leftid`.

Instead of:
  left=%defaultroute
  left=52.xxx.xxx.xxx

It should be:
  left=%defaultroute
  leftid=52.xxx.xxx.xxx


On Wed, Jun 1, 2016 at 12:05 PM, AJ Bahnken <aj.bahnken at procore.com> wrote:

> Hello everyone,
>
> I've been trying to debug this problem for a while now. I have a fairly
> simple Openswan setup based off of
> http://aws.amazon.com/articles/5472675506466066 that I am trying to get
> working. Annoyingly, when I originally went through this tutorial
> everything worked as expected. Now that I've converted it into Puppet code,
> I am getting a strange error that I can't seem to debug.
>
> The error is:
> ajvb at ip-10-0-0-1 ~$ sudo service ipsec restart
> ipsec_setup: Stopping Openswan IPsec...
> ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-85-generic...
>
> *ipsec_setup: duplicate key '' in conn vpc-to-vpc while processing def
> vpc-to-vpcipsec_setup: while loading 'vpc-to-vpc': duplicate key '' in conn
> vpc-to-vpc while processing def vpc-to-vpc*
>
> Config File (slightly sanitized):
> ajvb at ip-10-0-0-1 ~$ cat /etc/ipsec.conf
> version 2.0
>
> config setup
>   nat_traversal=yes
>   oe=off
>   protostack=netkey
>
> conn vpc-to-vpc
>   type=tunnel
>   authby=secret
>   left=%defaultroute
>   left=52.xxx.xxx.xxx
>   leftnexthop=%defaultroute
>   leftsubnet=10.0.0.0/16
>   right=52.xxx.xxx.xxx
>   rightsubnet=172.16.0.0/16
>   pfs=yes
>   auto=start
>
>
> System Information:
> ajvb at ip-10-0-0-1 ~$ uname -a
> Linux ip-10-0-0-1 3.13.0-85-generic #129-Ubuntu SMP Thu Mar 17 20:50:15
> UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> ajvb at ip-10-0-0-1 ~$ ipsec --version
> Linux Openswan U2.6.38/K3.13.0-85-generic (netkey)
>
> IPSec Verify:
> sudo ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.6.38/K3.13.0-85-generic (netkey)
> Checking for IPsec support in kernel                            [OK]
>  SAref kernel support                                           [N/A]
>  NETKEY:  Testing XFRM related proc values                      [OK]
>         [OK]
>         [OK]
> Checking that pluto is running                                  [OK]
>  Pluto listening for IKE on udp 500                             [OK]
>  Pluto listening for NAT-T on udp 4500                          [OK]
> Checking for 'ip' command                                       [OK]
> Checking /bin/sh is not /bin/dash                               [WARNING]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                                [DISABLED]
>
>
> I've seen this error referenced a few places online, but there isn't
> really any discussion as to what causes it or how it was fixed.
>
> Any help would be appreciated. Thanks!
>
>
> Sincerely,
> AJ
>
>
> --
>
> *AJ Bahnken*
> Site Reliability Engineer  |  *Procore*
> 6309 Carpinteria Ave  |  Carpinteria, CA 93013
> aj.bahnken at procore.com  |  LinkedIn
> <https://www.linkedin.com/in/ajvbahnken>
>
> *Have you visited our Jobsite? <http://jobsite.procore.com>*
>
> [image: Procore]
> www.procore.com  |  LinkedIn
> <http://www.linkedin.com/company/procore-technologies>  |  Facebook
> <http://www.facebook.com/procore.tech>  |  Twitter
> <http://www.twitter.com/procoretech>  |  YouTube
> <http://www.youtube.com/user/ProcoreVideo>
>
> Procore Technologies, Inc., the world's number one most widely used
> construction management software, helps firms drastically increase project
> efficiency and accountability by streamlining and mobilizing project
> communication and documentation. Users manage all types of construction
> projects including industrial plants, office buildings, apartment
> complexes, university facilities, retail centers, and more.
>



-- 

*AJ Bahnken*
Site Reliability Engineer  |  *Procore*
6309 Carpinteria Ave  |  Carpinteria, CA 93013
aj.bahnken at procore.com  |  LinkedIn <https://www.linkedin.com/in/ajvbahnken>

*Have you visited our Jobsite? <http://jobsite.procore.com>*

[image: Procore]
www.procore.com  |  LinkedIn
<http://www.linkedin.com/company/procore-technologies>  |  Facebook
<http://www.facebook.com/procore.tech>  |  Twitter
<http://www.twitter.com/procoretech>  |  YouTube
<http://www.youtube.com/user/ProcoreVideo>

Procore Technologies, Inc., the world's number one most widely used
construction management software, helps firms drastically increase project
efficiency and accountability by streamlining and mobilizing project
communication and documentation. Users manage all types of construction
projects including industrial plants, office buildings, apartment
complexes, university facilities, retail centers, and more.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20160605/ef56b417/attachment.html>

More information about the Users mailing list