LinuxQuestions.org
Old 02-16-2017, 03:35 PM   #1
mark_weigel
LQ Newbie
 
Registered: Mar 2011
Posts: 7

Rep: Reputation: 0
LibreSwan Configuration File Errors


I am doing a fresh install of LibreSwan and I cannot get it to recognize the autokeying parameters.

I have an include for file vpn.conf which contains the following - very simple:

cat vpn.conf
conn mytunnel
type=tunnel
left=192.168.2.23
right=192.168.2.45
authby=secret
auto=add

When I run ipsec setup start I get the following errors:

ipsec setup start
ERROR: /etc/ipsec.d/vpn.conf: 2: keyword type, invalid value: tunnel
ERROR: /etc/ipsec.d/vpn.conf: 2: keyword type, invalid value: tunnel
ERROR: /etc/ipsec.d/vpn.conf: 2: keyword type, invalid value: tunnel
unknown stack
Redirecting to: systemctl start ipsec.service
Job for ipsec.service failed because the control process exited with error code. See "systemctl status ipsec.service" and "journalctl -xe" for details.

I have edited and recreated the file thinking that there were some non-printable characters - but I can't seem to get past this. If I comment out that line it errors on authby=secret

It's driving me crazy - any help would be appreciated.
 
Old 02-16-2017, 04:17 PM   #2
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
From https://libreswan.org/man/ipsec.conf.5.html (my emphasis):

Code:
All subsequent non-empty lines which begin with white space are part of the section.
The file listing you provided shows no white space before the section contents. The page I referred to appears to use a tab as its white space character in the examples it shows.
 
Old 02-16-2017, 04:42 PM   #3
mark_weigel
LQ Newbie
 
Registered: Mar 2011
Posts: 7

Original Poster
Rep: Reputation: 0
File Contents

Sorry - it's because of the way that it pasted onto the page. There are white spaces for all the lines after conn mytunnel

conn mytunnel
type=tunnel
left=192.168.2.23
right=192.168.2.45
authby=secret
auto=add
 
Old 02-16-2017, 04:46 PM   #4
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
No problem. You can manually surround output with CODE tags, or select the output and press # on the LQ Advanced Editor (see "Go Advanced" at the bottom of the text box if this isn't showing), like this:

Code:
This is some output
    in CODE tags.
I'll have another look at that config file.
 
Old 02-16-2017, 04:54 PM   #5
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
One other link that I find on the web indicating a similar error message concluded that the poster had strange characters somewhere in the config file - you probably saw that thread too, hence your looking for non-printable characters.

Just so that we can exhaust that line of enquiry, can you paste the output from:

hexdump -C vpn.conf
 
Old 02-16-2017, 04:55 PM   #6
mark_weigel
LQ Newbie
 
Registered: Mar 2011
Posts: 7

Original Poster
Rep: Reputation: 0
One more time

Thanks - new to posting on this forum

Code:
conn mytunnel
  type=tunnel
  left=192.168.2.23
  right=192.168.2.45
  authby=secret
  auto=add
 
Old 02-16-2017, 05:01 PM   #7
mark_weigel
LQ Newbie
 
Registered: Mar 2011
Posts: 7

Original Poster
Rep: Reputation: 0
I did see that one - so I tried different editors. VI, Atom, Wordpad etc.

I don't see anything weird

hexdump -C vpn.conf
00000000 63 6f 6e 6e 20 6d 79 74 75 6e 6e 65 6c 0d 0a 20 |conn mytunnel.. |
00000010 20 74 79 70 65 3d 74 75 6e 6e 65 6c 0d 0a 20 20 | type=tunnel.. |
00000020 6c 65 66 74 3d 31 39 32 2e 31 36 38 2e 32 2e 32 |left=192.168.2.2|
00000030 33 0d 0a 20 20 72 69 67 68 74 3d 31 39 32 2e 31 |3.. right=192.1|
00000040 36 38 2e 32 2e 34 35 0d 0a 20 20 61 75 74 68 62 |68.2.45.. authb|
00000050 79 3d 73 65 63 72 65 74 0d 0a 20 20 61 75 74 6f |y=secret.. auto|
00000060 3d 61 64 64 0d 0a |=add..|
00000066
 
Old 02-16-2017, 05:49 PM   #8
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
Me too. Those are Windows line endings, not Linux line endings though, but I don't know if that makes a difference. How did you get those?

How good are you at reading C code? The reason I ask is that I'm now looking at the LibreSwan source code to try to narrow down why those errors are generated. I'm not too au fait with C - if you are then you might want a look.
 
Old 02-16-2017, 06:10 PM   #9
mark_weigel
LQ Newbie
 
Registered: Mar 2011
Posts: 7

Original Poster
Rep: Reputation: 0
C-Code

I'll take a look at the code in the AM. In the meantime I'll save the file in unix format.
 
Old 02-16-2017, 06:24 PM   #10
mark_weigel
LQ Newbie
 
Registered: Mar 2011
Posts: 7

Original Poster
Rep: Reputation: 0
CR/LF

I saved the file in unix format in vi and the CR/LF is now just LF

00000000 63 6f 6e 6e 20 6d 79 74 75 6e 6e 65 6c 0a 20 20 |conn mytunnel. |
00000010 74 79 70 65 3d 74 75 6e 6e 65 6c 0a 20 20 6c 65 |type=tunnel. le|
00000020 66 74 3d 31 39 32 2e 31 36 38 2e 32 2e 32 33 0a |ft=192.168.2.23.|
00000030 20 20 72 69 67 68 74 3d 31 39 32 2e 31 36 38 2e | right=192.168.|
00000040 32 2e 34 35 0a 20 20 61 75 74 68 62 79 3d 73 65 |2.45. authby=se|
00000050 63 72 65 74 0a 20 20 61 75 74 6f 3d 61 64 64 0a |cret. auto=add.|

New error message
ipsec setup start
'arning: could not open include filename: '/etc/ipsec.d/*.conf
]annot load config '/etc/ipsec.conf': /etc/ipsec.conf:2: syntax error, unexpected STRING, expecting $end [
'arning: could not open include filename: '/etc/ipsec.d/*.conf
]annot load config '/etc/ipsec.conf': /etc/ipsec.conf:2: syntax error, unexpected STRING, expecting $end [
'arning: could not open include filename: '/etc/ipsec.d/*.conf
]annot load config '/etc/ipsec.conf': /etc/ipsec.conf:2: syntax error, unexpected STRING, expecting $end [
unknown stack
Redirecting to: systemctl start ipsec.service
 
Old 02-16-2017, 06:27 PM   #11
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
Quote:
Originally Posted by mark_weigel
I'll take a look at the code in the AM. In the meantime I'll save the file in unix format.
Ok. The ERROR: /etc/ipsec.d/vpn.conf: 2: keyword type, invalid value: tunnel errors get generated in lib/libipsecconf/keywords.c, and the unknown stack error gets generated in programs/_stackmanager.in.

Which version of LibreSwan are you using and which Linux distro (and version)?
 
Old 02-17-2017, 09:30 AM   #12
mark_weigel
LQ Newbie
 
Registered: Mar 2011
Posts: 7

Original Poster
Rep: Reputation: 0
Fixed

It looks like I got this fixed by replacing the white spaces with tabs.

I also made sure the file was saved in unix format.
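
A check for what the hexdump earlier in the thread exposed (0d 0a line endings in vpn.conf) and for stray non-printable bytes, as an added example that is not part of any post here. The function names are hypothetical and the sample file is constructed to reproduce the 102-byte vpn.conf from that hexdump.

```shell
#!/bin/sh
# Added example, not from the thread. scan_conf, to_unix and make_sample are
# hypothetical names. A parser that treats only LF as the line terminator
# reads the value as "tunnel\r", not "tunnel", when a file has 0d 0a endings.

# scan_conf FILE...: print FILE:LINE: finding for every DOS line ending and
# every other control or non-ASCII byte. Returns 1 if anything was found.
scan_conf() {
    LC_ALL=C awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
        /\r$/ { report("carriage return before newline (DOS line ending)")
                sub(/\r$/, "") }
        { rest = $0; gsub(/\t/, "", rest)          # tabs are legitimate indent
          if (rest ~ /[^ -~]/) report("control or non-ASCII byte") }
        END { exit bad + 0 }
    ' "$@"
}

# to_unix FILE: strip the trailing CR from every line in place, keeping the
# original bytes as FILE.dos. Writing with ">" preserves owner and mode.
to_unix() {
    cp -p -- "$1" "$1.dos" &&
    LC_ALL=C awk '{ sub(/\r$/, ""); print }' "$1.dos" > "$1"
}

# Constructed sample: the vpn.conf from the thread, with CRLF endings.
make_sample() {
    printf 'conn mytunnel\r\n  type=tunnel\r\n  left=192.168.2.23\r\n' > "$1"
    printf '  right=192.168.2.45\r\n  authby=secret\r\n  auto=add\r\n' >> "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/vpn.conf"
scan_conf "$tmp/vpn.conf" || echo "findings listed above; converting"
to_unix "$tmp/vpn.conf"
scan_conf "$tmp/vpn.conf" && echo "clean after conversion"
rm -rf "$tmp"
```

Running `scan_conf /etc/ipsec.conf /etc/ipsec.d/*.conf` covers the main file as well as the includes.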
 
Old 02-17-2017, 09:45 AM   #13
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925
Quote:
Originally Posted by mark_weigel
It looks like I got this fixed by replacing the white spaces with tabs.

I also made sure the file was saved in unix format.
Strange, but excellent news!

If you consider the thread solved, can you mark it so (see "Thread Tools" at the top of the thread).

Cheers.
 
  

