[Openswan Users] Configuration file parser does not support modp specifier for ike parameter

Steve Lanser slanser at tallmaple.com
Mon Nov 28 16:58:43 EST 2011

Thanks Paul for your prompt response!!

What do you consider to be the most stable release after 2.6.24?


On Mon, Nov 28, 2011 at 04:43:01PM -0500, Paul Wouters wrote:
> On Mon, 28 Nov 2011, Steve Lanser wrote:
> >I'm new to this forum.  I've recently begun testing Openswan 2.6.21 (on
> >CentOS, 2.6.18), and I've discovered what looks to be a longstanding bug in
> >the parser (or in the documentation), namely that it fails to support
> >";modpXXXX" syntax in the ike parameter, as stated in the ipsec.conf man
> >In short, the parser appears simply to reject the semicolon suffix syntax
> >component altogether, and issues, for example, an error like this:
> >
> >pluto[31725]: esp string error: Non alphanum or valid separator found in 
> >auth string, just after "3des-sha1" (old_state=ST_AA)
> >
> >for the ipsec.conf configuration parameter:
> >
> >   ike = 3des-sha1;modp1024
> This has been fixed in openswan 2.6.24 released Jan 8 2010.
> Paul

More information about the Users mailing list