# strongswan no acceptable traffic selectors found

## Duco Ergo Sum

Hi,

I've only recently been able to connect to the internet after a prolonger period.  Subsequently, I have run updates and am now unable to VPN into the office.

```

* Starting  ...

/etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]

invalid config file '/etc/strongswan.conf'

Starting strongSwan 5.2.2 IPsec [starter]...

```

```

# ipsec up vpn.office.com

/etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting NEWLINE or '{' or '=' [vpn]

invalid config file '/etc/strongswan.conf'

initiating Main Mode IKE_SA vpn.office.com[1] to 17.11.7.5

generating ID_PROT request 0 [ SA V V V V ]

sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)

received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)

parsed ID_PROT response 0 [ SA V V ]

received draft-ietf-ipsec-nat-t-ike-02\n vendor ID

received FRAGMENTATION vendor ID

generating ID_PROT request 0 [ KE No NAT-D NAT-D ]

sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)

received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)

parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]

received Cisco Unity vendor ID

received XAuth vendor ID

received unknown vendor ID: [Available On Request]

received unknown vendor ID: [Available On Request]

local host is behind NAT, sending keep alives

generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]

sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)

received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)

parsed ID_PROT response 0 [ ID HASH V ]

received DPD vendor ID

IKE_SA vpn.office.com[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]

generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID NAT-OA NAT-OA ]

sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)

received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)

parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID N(([Available On Request])) NAT-OA ]

received 28800s lifetime, configured 0s

no acceptable traffic selectors found

establishing connection 'vpn.office.com' failed

```

The only other issue of note is that the behaviour of Networkmanager appears to have changed during boot.  Previously, there was a 1 second wait, now that is gone.  I have searched the web for similar issues and found none.

The details of how my VPN came to be set up are available:

https://forums.gentoo.org/viewtopic-t-998042-postdays-0-postorder-asc-start-0.html

----------

## Duco Ergo Sum

I have learned that the syntax error came from there being connection configuration in the StrongSwan configuration files.

Connection information belongs in the ipsec.conf and child files.

Plugin and logger configuration go in the strongswan.conf and child files.

----------

