[Openswan Users] Configuration file parser does not support modp specifier for ike parameter

Paul Wouters paul at xelerance.com
Mon Nov 28 16:43:01 EST 2011

On Mon, 28 Nov 2011, Steve Lanser wrote:

> I'm new to this forum.  I've recently begun testing Openswan 2.6.21 (on
> CentOS, 2.6.18), and I've discovered what looks to be a longstanding bug in
> the parser (or in the documentation), namely that it fails to support
> ";modpXXXX" syntax in the ike parameter, as stated in the ipsec.conf man

> In short, the parser appears simply to reject the semicolon suffix syntax
> component altogether, and issues, for example, an error like this:
> pluto[31725]: esp string error: Non alphanum or valid separator found in auth string, just after "3des-sha1" (old_state=ST_AA)
> for the ipsec.conf configuration parameter:
>    ike = 3des-sha1;modp1024

This has been fixed in openswan 2.6.24 released Jan 8 2010.


More information about the Users mailing list