sharpec
(EnzoC)
July 10, 2017, 10:08am
1
In /var/log/messages, when I stop and start the ipsec tunnel I see:
```text
Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
proxy addconn: cannot load config '/etc/ipsec.conf': /etc/ipsec.d/tunnels.conf:19: syntax error, unexpected STRING [Protocol]
```
On line /etc/ipsec.d/tunnels.conf:19:
```text
conn xxxxxx_ipsec-tunnel
Protocol=udp <--line 19
Topology=subnet <--line 20
authby=secret
auto=start
compress=no
```
I have commented out lines 19 - 20 and run
```text
service ipsec start
```
The VPN is now up.
pike
(Michael Kicks)
July 10, 2017, 10:12am
2
Is your tunnel using PSK? How many characters are there?
sharpec
(EnzoC)
July 10, 2017, 10:15am
3
Yes, PSK with 21 characters.
pike
(Michael Kicks)
July 10, 2017, 10:20am
4
Is it possible to “shrink” to 18 char for test?
I had similar issue here…
NethServer Version: NethServer release 7.3.1611
Module: Ipsec tunnels
My silly NethServer installation use this kind of setup.
3 network adapters
1 Red Static IP 172.20.1.99/24, GW 172.20.1.254
1 Green Static IP 172.31.3.1/24
1 Blue Static IP 172.31.251.1 (cable not connected).
At the same DSL router it’s also connected an USG20W appliance by Zyxel, capable of different things… IPSec tunnel for instance.
WAN 172.20.1.252/24, GW 172.20.1.254
LAN1 172.31.1.1/24
I cannot use two public c…
(I could probably be wrong… but i hope it’s worth the test…)
sharpec
(EnzoC)
July 10, 2017, 10:27am
5
Unfortunately the other firewall is a ZyWALL managed by another company at € 70 per call.
I have already installed a NethServer appliance (only for VPN in bridge connections); I’m waiting to move all the services to the NS and I will use the new VPN module.
Thanks @pike, I did not see the post; in fact, until a few days ago it worked perfectly.
But sorry, the log says clearly that you do not expect it:
Unexpected STRING [Protocol]
Could it simply be the uppercase letter?
pike
(Michael Kicks)
July 10, 2017, 10:29am
6
During the weekend an updated IPsec package was released, adding, among other things, the ability to enable/disable tunnels from the tunnel list.
I also added a reboot for my issues…
davidep
(Davide Principi)
July 10, 2017, 10:33am
7
Hi @sharpec it is a regression caused by nethserver-openvpn-1.6.0-1.ns7.noarch release.
A migrate fragment from that package pollutes the vpn DB.
Issue tracked by
opened 10:23AM - 10 Jul 17 UTC
closed 04:06PM - 10 Jul 17 UTC
bug
verified
After some modifications to the configuration, ipsec tunnels fail to start.
**Steps to reproduce**
- create/modify an ipsec tunnel
- see /var/log/messages
**Expected behavior**
Tunnel starts correctly
**Actual behavior**
Error logged:
```text
addconn: cannot load config '/etc/ipsec.conf': /etc/ipsec.d/tunnels.conf:19: syntax error, unexpected STRING [Protocol]
```
on line /etc/ipsec.d/tunnels.conf:19
```text
conn xxxxxx_ipsec-tunnel
Protocol=udp <--line 19
Topology=subnet <--line 20
authby=secret
auto=start
compress=no
```
**Components**
nethserver-openvpn-1.6.0-1.ns7.noarch
nethserver-ipsec-tunnels-1.1.0-1.ns7.noarch
**See also**
http://community.nethserver.org/t/ipsec-failed-to-start-protocol-topology/7349
----
Thanks to **sharpec** for pointing it out
I’m fast-tracking this issue, do you want to test the fix?
BTW: great catch!
davidep
(Davide Principi)
July 10, 2017, 1:12pm
9
The fix is available from nethserver-testing repo.
Please install with
```text
yum --enablerepo=nethserver-testing update nethserver-openvpn
```
The vpn DB contents should be fixed after installation. Restart ipsec manually with
```text
signal-event nethserver-ipsec-tunnels-update
```
Check the exit code is 0:
```text
echo $?
```
davidep
(Davide Principi)
July 10, 2017, 4:06pm
10
Released
nethserver-openvpn-1.6.2-1.ns7.noarch.rpm
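An added example, not part of the thread and not NethServer's own code: a small shell helper that maps the `addconn` syntax error quoted in the thread to the offending line and its enclosing `conn` section. The function names, the optional root-prefix argument and the sample timestamp are assumptions; the sample files are constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example: map libreswan "addconn" syntax errors in a log file to the
# offending config line and its enclosing "conn" section.

# Print "file line token" for each addconn syntax error in log file $1.
addconn_errors() {
    sed -n "s/.*addconn: cannot load config '[^']*': \([^:]*\):\([0-9][0-9]*\): syntax error, unexpected [A-Z]* \[\([^]]*\)].*/\1 \2 \3/p" "$1"
}

# Print "conn <name>: <text>" for line number $2 of config file $1.
conn_at_line() {
    awk -v n="$2" '
        $1 == "conn" { name = $2 }      # remember the current section
        NR == n {
            sub(/^[ \t]+/, "")          # trim indentation
            print "conn " name ": " $0
            exit
        }' "$1"
}

# Report every error in log $1. $2 is an optional root prefix (hypothetical
# argument) so the check can run against a copy of /etc.
explain_addconn_errors() {
    addconn_errors "$1" | while read -r file line token; do
        printf '%s:%s unexpected [%s] in ' "$file" "$line" "$token"
        conn_at_line "${2}${file}" "$line"
    done
}

# Constructed sample: the config and log line quoted in the thread, padded so
# that Protocol=udp lands on line 19. The timestamp is made up.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/ipsec.d"
    {
        i=1; while [ "$i" -le 17 ]; do echo "# padding"; i=$((i + 1)); done
        printf '%s\n' "conn xxxxxx_ipsec-tunnel" "    Protocol=udp" \
            "    Topology=subnet" "    authby=secret" "    auto=start"
    } > "$root/etc/ipsec.d/tunnels.conf"
    echo "Jul 10 10:08:00 proxy addconn: cannot load config '/etc/ipsec.conf': /etc/ipsec.d/tunnels.conf:19: syntax error, unexpected STRING [Protocol]" > "$root/messages"
    explain_addconn_errors "$root/messages" "$root"
    rm -rf "$root"
}

demo
```

The log in the thread names only line 19, although line 20 had to be commented out as well, so rerun the check after each correction.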