Problem
When restarting the ipsec service, the following error is reported:
# service ipsec restart
failed to start openswan IKE daemon - the following error occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25: syntax error, unexpected KEYWORD, expecting $end [type]
Solution
Make sure that every parameter in ipsec.conf other than 'conn', 'version' and 'config' comes after a TAB, as shown below:
# vi /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	# plutodebug="control parsing"
	# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
	protostack=netkey
	nat_traversal=yes
	interfaces=%defaultroute
	oe=off
	# Enable this if you see "failed to find any available worker"
	nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
conn sonicwall
	type=tunnel
	left=10.10.10.134 # Your local linux machine IP
	leftsubnet=10.10.10.0/24 # The subnet of your local Linux machine
	leftid=@GroupVPN # Same as given in Sonicwall
	leftxauthclient=yes
	right=xxx.xxx.xxx.xxx # Sonicwall VPN IP
	rightsubnet=192.168.0.0/24 # Sonicwall LAN subnet
	rightid=@xxxxxxxxxxx # Sonicwall Unique Identifier
	rightxauthserver=yes
	keyingtries=0
	pfs=yes
	auto=add
	auth=esp
	esp=3DES-SHA1 # protocol used for authentication in sonicwall
	ike=3DES-SHA1
	authby=secret
	aggrmode=yes
Now we can start the service:
# service ipsec start
or
# ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.18-238.9.1.el5xen...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
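To find the offending line before restarting the service, the indentation rule above can be checked mechanically. The following is an added example, not part of the original page or of Openswan: the function names and the sample config are constructed, treating "include" as a fourth column-0 keyword is an assumption taken from ipsec.conf(5), and any leading space or TAB is accepted as indentation.

```python
# Added example: lint ipsec.conf indentation before restarting the service.
# Keywords allowed in column 0. conn/config/version are named on this page;
# "include" is an assumption taken from ipsec.conf(5).
TOP_LEVEL = ("conn", "config", "version", "include")

# Constructed sample: line 7 has lost its leading TAB.
SAMPLE = (
    "version 2.0\n"
    "config setup\n"
    "\tprotostack=netkey\n"
    "\tnat_traversal=yes\n"
    "conn sonicwall\n"
    "\ttype=tunnel\n"
    "left=10.10.10.134\n"
    "\tauto=add\n"
)

def find_problems(text):
    """Return [(line_no, reason, line)] for lines that break the indent rule."""
    problems = []
    in_section = False
    for no, raw in enumerate(text.splitlines(), start=1):
        body = raw.strip()
        if not body or body.startswith("#"):
            continue                      # blank lines and comments are ignored
        keyword = body.split()[0]
        if raw[0] not in " \t":           # line starts in column 0
            if keyword in TOP_LEVEL:
                in_section = keyword in ("conn", "config")
            else:
                problems.append((no, "parameter not indented", body))
        elif not in_section:
            problems.append((no, "indented line outside a section", body))
    return problems

def indent_parameters(text):
    """Return the config with a TAB put in front of each unindented parameter."""
    bad = {no for no, why, _ in find_problems(text)
           if why == "parameter not indented"}
    lines = text.splitlines()
    return "\n".join("\t" + line if no in bad else line
                     for no, line in enumerate(lines, start=1)) + "\n"

if __name__ == "__main__":
    for no, why, body in find_problems(SAMPLE):
        print("ipsec.conf:%d: %s: %s" % (no, why, body))
    print(indent_parameters(SAMPLE), end="")
```

Run find_problems() on the contents of /etc/ipsec.conf; the reported line numbers correspond to the number in the parser's "/etc/ipsec.conf:25" message.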
Date: 2020-06-02 22:17:18 Source: oir Author: oir
