[Openswan Users] openswan 2.6.21 not recognize pfsgroup in ipsec.conf

Zhiping Liu flyingzpl at gmail.com
Tue May 12 02:10:24 EDT 2009

Hi everyone:
I upgraded openswan from version 2.4.10 to 2.6.21 and found that the config string
"pfsgroup" is not recognized in 2.6.21.
Searching Google... found nothing related to my issue.

-bash-3.2$ sudo ipsec setup start
can not load config '/etc/ipsec.conf': /conf/ipsec.d/101.conf:11: syntax
error, unexpected STRING [pfsgroup]
Failed to parse config setup portion of ipsec.conf
-bash-3.2$ vi /conf/ipsec.d/101.conf

conn aa
        type = tunnel
        auto = start
        keyexchange = ike
        authby = secret
        auth = esp
        esp = 3DES-SHA1
        ike = 3DES-MD5-MODP1024
        aggrmode = yes
        pfs = yes
        pfsgroup = MODP1024
        left = %defaultroute
        leftsubnet =
        right = XXXX.3322.org
        rightsubnet =
        leftid = @a
        rightid = @b

I changed 1 line in Makefile.inc:

line 362: USE_WEAKSTUFF?=true

from Romeo