[Openswan Users] Configuration file parser does not support modp specifier for ike parameter

Paul Wouters paul at xelerance.com
Mon Nov 28 21:23:57 EST 2011

On Mon, 28 Nov 2011, Steve Lanser wrote:

> Thanks Paul for your prompt response!!
> What do you consider to be the most stable release after 2.6.24?

You're asking the release manager, so I will always say the latest release is
our best ever. 2.6.37 so far.


> Steve
> On Mon, Nov 28, 2011 at 04:43:01PM -0500, Paul Wouters wrote:
>> On Mon, 28 Nov 2011, Steve Lanser wrote:
>>> I'm new to this forum.  I've recently begun testing Openswan 2.6.21 (on
>>> CentOS, 2.6.18), and I've discovered what looks to be a longstanding bug in
>>> the parser (or in the documentation), namely that it fails to support
>>> ";modpXXXX" syntax in the ike parameter, as stated in the ipsec.conf man
>>> In short, the parser appears simply to reject the semicolon suffix syntax
>>> component altogether, and issues, for example, an error like this:
>>> pluto[31725]: esp string error: Non alphanum or valid separator found in
>>> auth string, just after "3des-sha1" (old_state=ST_AA)
>>> for the ipsec.conf configuration parameter:
>>>   ike = 3des-sha1;modp1024
>> This has been fixed in openswan 2.6.24 released Jan 8 2010.
>> Paul

More information about the Users mailing list