IPsec failed to start (Protocol / Topology)

ipsec

(EnzoC) #1

In /var/log/message, when I stop and start the ipsec tunnel, I see:

 Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
 proxy addconn: cannot load config '/etc/ipsec.conf': /etc/ipsec.d/tunnels.conf:19: syntax error, unexpected STRING [Protocol]

On line 19 of /etc/ipsec.d/tunnels.conf:

conn xxxxxx_ipsec-tunnel
    Protocol=udp                          <-- line 19
    Topology=subnet                       <-- line 20
    authby=secret
    auto=start
    compress=no

I commented out lines 19 and 20 and ran
service ipsec start

The VPN is now up.


(Michael Kicks) #2

Is your tunnel using PSK? How many characters are there?


(EnzoC) #3

Yes, PSK with 21 characters.


(Michael Kicks) #4

Is it possible to “shrink” it to 18 characters for a test?
I had a similar issue here…

(I could probably be wrong… but i hope it’s worth the test…)


(EnzoC) #5

Unfortunately the other firewall is a ZyWALL managed by another company at € 70 per call.

I have already installed a NethServer appliance (only for VPN in bridge connections); I’m waiting to move all the services to the NS and then I will use the new VPN module.

Thanks @pike, I did not see the post; in fact, until a few days ago it worked perfectly.

But sorry, the log clearly says that it is unexpected:
Unexpected STRING [Protocol]

Could it simply be the uppercase letter?


(Michael Kicks) #6

During the weekend an updated IPsec package was released, adding, among other things, the ability to enable/disable tunnels from the tunnel list.
I also added a reboot for my issues…


(Davide Principi) #7

Hi @sharpec, it is a regression caused by the nethserver-openvpn-1.6.0-1.ns7.noarch release.

A migrate fragment from that package pollutes the vpn DB.

Issue tracked by

I’m fast-tracking this issue, do you want to test the fix?

BTW: great catch!
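
As an added example (not code from any post in this thread, and not part of NethServer or libreswan), a small pre-flight check that parses a tunnels.conf-style file and lists, per conn section, the keys that are not accepted ipsec.conf keywords, so a polluted config like the one in the first post is caught before ipsec is restarted and the tunnel goes down. The keyword allowlist is a partial list I assume here, and the sample file is constructed to mirror the thread.

```python
import re

# Allowlist of conn keywords the daemon accepts (a subset; extend as needed).
# ipsec.conf keywords are lowercase, so a capitalised "Protocol" is foreign.
KNOWN_KEYS = {
    "also", "authby", "auto", "compress", "type", "keyexchange", "ikev2", "pfs",
    "ike", "esp", "left", "leftsubnet", "leftid", "right", "rightsubnet",
    "rightid", "ikelifetime", "salifetime", "dpdaction", "dpddelay", "dpdtimeout",
}

# Constructed sample mirroring the thread: the first conn carries the two
# polluted keys, the second is clean.
SAMPLE_CONF = """\
conn xxxxxx_ipsec-tunnel
    Protocol=udp
    Topology=subnet
    authby=secret
    auto=start
    compress=no

conn clean_tunnel
    authby=secret
    auto=start
    leftsubnet=192.0.2.0/24
"""

def parse_conns(text):
    """Return {conn_name: [(lineno, key, value), ...]} for each conn section."""
    conns, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()        # strip comments
        if not line.strip():
            continue
        head = re.match(r"^(conn|config)\s+(\S+)\s*$", line)
        if head:                                     # new section header
            current = head.group(2) if head.group(1) == "conn" else None
            if current is not None:
                conns[current] = []
            continue
        if current is None or "=" not in line:       # config setup, include
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        conns[current].append((lineno, key, value))
    return conns

def foreign_keys(text):
    """Map each conn name to the (lineno, key) pairs addconn would reject."""
    return {name: [(ln, k) for ln, k, _ in entries if k not in KNOWN_KEYS]
            for name, entries in parse_conns(text).items()}
```

On a real box, call foreign_keys() on the contents of /etc/ipsec.d/tunnels.conf before signalling a restart; an empty list for every conn is the expected result.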


(EnzoC) #8

Of course.


(Davide Principi) #9

The fix is available from nethserver-testing repo.

Please install it with:

yum --enablerepo=nethserver-testing update nethserver-openvpn

The vpn DB contents should be fixed after installation. Restart ipsec manually with:

 signal-event nethserver-ipsec-tunnels-update

Check that the exit code is 0:

echo $?

(Davide Principi) #10

Released:

nethserver-openvpn-1.6.2-1.ns7.noarch.rpm


(Davide Principi) #11