Problem
Restarting the ipsec service fails with the following error:
# service ipsec restart
failed to start openswan IKE daemon - the following error occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25: syntax error, unexpected KEYWORD, expecting $end [type]
Solution
Make sure that every parameter in ipsec.conf, other than the 'conn', 'version' and 'config' lines, is placed after a TAB, as shown below:
# vi /etc/ipsec.conf
version 2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	# plutodebug="control parsing"
	# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
	protostack=netkey
	nat_traversal=yes
	interfaces=%defaultroute
	oe=off
	# Enable this if you see "failed to find any available worker"
	nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.

conn sonicwall
	type=tunnel
	left=10.10.10.134	# Your local linux machine IP
	leftsubnet=10.10.10.0/24	# The subnet of your local Linux machine
	leftid=@GroupVPN	# Same as given in Sonicwall
	leftxauthclient=yes
	right=xxx.xxx.xxx.xxx	# Sonicwall VPN IP
	rightsubnet=192.168.0.0/24	# Sonicwall LAN subnet
	rightid=@xxxxxxxxxxx	# Sonicwall Unique Identifier
	rightxauthserver=yes
	keyingtries=0
	pfs=yes
	auto=add
	auth=esp
	esp=3DES-SHA1	# protocol used for authentication in sonicwall
	ike=3DES-SHA1
	authby=secret
	aggrmode=yes
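To locate the offending lines before restarting, the shell function below (an added example, not part of the original article) lists every line that starts in column 0 but is not a 'version', 'config', 'conn' or 'include' line. Allowing 'include' and accepting any leading whitespace (not only a TAB) as indentation are assumptions; check_ipsec_indent and write_sample are names made up here, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: find ipsec.conf parameters that lost their indentation,
# the pattern behind "syntax error, unexpected KEYWORD, expecting $end".

# check_ipsec_indent FILE
# Prints "LINE: text" for each offending line; returns 1 if any was found.
check_ipsec_indent() {
    awk '
        /^[ \t]*$/ { next }    # blank line
        /^[ \t]*#/ { next }    # comment line
        /^[ \t]/   { next }    # indented parameter: correct
        # Section headers and directives allowed in column 0
        # ("include" is an assumption beyond the three the article names).
        /^(version|config|conn|include)([ \t]|$)/ { next }
        { printf "%d: %s\n", NR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: "type=tunnel" and "auto=add" are missing their TAB.
write_sample() {
    printf 'version 2.0\n\nconfig setup\n\tprotostack=netkey\n\nconn sonicwall\ntype=tunnel\n\tleft=10.10.10.134\nauto=add\n' > "$1"
}

# Demo run on the constructed sample; use /etc/ipsec.conf on a real host.
sample=$(mktemp)
write_sample "$sample"
check_ipsec_indent "$sample" || echo "indent the lines listed above, then start ipsec"
rm -f "$sample"
```

The line numbers it prints use the same numbering as the `/etc/ipsec.conf:25` position in the error message.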
Now we can start the service:
# service ipsec start
or
# ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.18-238.9.1.el5xen...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Date: 2020-06-02 22:17:18 Source: oir Author: oir