This error is common and simple to fix. You may see it when trying to restart the ipsec service.
If you get this error, follow the solution below.
Error: unexpected KEYWORD, expecting $end [type]
# service ipsec restart
failed to start openswan IKE daemon - the following error occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25: syntax error, unexpected KEYWORD, expecting $end [type]
Solution:
Make sure that every parameter line inside ipsec.conf, except the 'conn', 'version' and 'config' lines, starts with a TAB, as shown below:
# vi /etc/ipsec.conf

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	# plutodebug="control parsing"
	# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
	protostack=netkey
	nat_traversal=yes
	interfaces=%defaultroute
	oe=off
	# Enable this if you see "failed to find any available worker"
	nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.

conn sonicwall
	type=tunnel
	left=10.10.10.134 # Your local linux machine IP
	leftsubnet=10.10.10.0/24 # The subnet of your local Linux machine
	leftid=@GroupVPN # Same as given in Sonicwall
	leftxauthclient=yes
	right=xxx.xxx.xxx.xxx # Sonicwall VPN IP
	rightsubnet=192.168.0.0/24 # Sonicwall LAN subnet
	rightid=@xxxxxxxxxxx # Sonicwall Unique Identifier
	rightxauthserver=yes
	keyingtries=0
	pfs=yes
	auto=add
	auth=esp
	esp=3DES-SHA1 # protocol used for authentication in sonicwall
	ike=3DES-SHA1
	authby=secret
	aggrmode=yes
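To locate the offending lines before restarting, the indentation rule above can be checked mechanically. The script below is an added example, not part of the original post: the function names check_ipsec_indent and write_sample and the sample file are made up for illustration, and the 'include' keyword is taken from ipsec.conf(5) rather than from this page.

```shell
#!/bin/sh
# Added example: list ipsec.conf parameter lines that start in column 1,
# which is what produces "unexpected KEYWORD, expecting $end".

# check_ipsec_indent FILE
# Prints "FILE:LINE: text" for every non-indented parameter line.
# Returns 0 when the file is clean, 1 when at least one line is reported.
check_ipsec_indent() {
    awk '
        /^#/ { next }     # comment starting in column 1
        /^$/ { next }     # empty line
        # Section keywords that are allowed to start in column 1
        # ("include" is an assumption from ipsec.conf(5), not from the page).
        /^(version|config|conn|include)[ \t]/ { next }
        # Anything else that does not begin with a space or TAB is a
        # parameter that lost its indentation.
        /^[^ \t]/ { printf "%s:%d: %s\n", FILENAME, FNR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample FILE
# Writes a constructed sample config in which "pfs=yes" (line 7) has no TAB.
write_sample() {
    printf 'version 2.0\nconfig setup\n\tprotostack=netkey\n\n' > "$1"
    printf 'conn sonicwall\n\ttype=tunnel\npfs=yes\n\tauto=add\n' >> "$1"
}

# Demo on the constructed sample; on a real system call
#   check_ipsec_indent /etc/ipsec.conf
tmp=$(mktemp)
write_sample "$tmp"
check_ipsec_indent "$tmp" || echo "indent the lines listed above with a TAB"
rm -f "$tmp"
```

The line number it prints should match the one in the "syntax error" message (25 in the error shown above).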
Now you can start the services
# service ipsec start
or
# ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.18-238.9.1.el5xen...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
For the complete Openswan configuration steps, including screenshots, see this page:
openswan configuration in RedHat5