This error is very common and simple which you might get when trying to restart ipsec services.
Please follow the below solution in case you get this error
Error: unexpected KEYWORD, expecting $end [type]
# service ipsec restart
failed to start openswan IKE daemon - the following error occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:25: syntax error, unexpected KEYWORD, expecting $end [type]
Solution:
Make sure that all the parameters inside ipsec.conf except 'conn', 'version' and 'config' are started after a TAB like as shown below
# vi /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
interfaces=%defaultroute
oe=off
# Enable this if you see "failed to find any available worker"
nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
conn sonicwall
type=tunnel
left=10.10.10.134 # Your local linux machine IP
leftsubnet=10.10.10.0/24 # The subnet of your local Linux machine
leftid=@GroupVPN # Same as given in Sonicwall
leftxauthclient=yes
right=xxx.xxx.xxx.xxx # Sonicwall VPN IP
rightsubnet=192.168.0.0/24 # Sonicwall LAN subnet
rightid=@xxxxxxxxxxx # Sonicwall Unique Identifier
rightxauthserver=yes
keyingtries=0
pfs=yes
auto=add
auth=esp
esp=3DES-SHA1 # protocol used for authentication in sonicwall
ike=3DES-SHA1
authby=secret
aggrmode=yes
Now you can start the services
# service ipsec start
or
# ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.18-238.9.1.el5xen...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
For complete configuration steps of openswan including screenshots follow this page
openswan configuration in RedHat5
Read Also:
Install & Configure OpenVPN Server Easy-RSA 3 (RHEL/CentOS 7) in Linux