Bug 524139

Summary: the configuration parser does not work correctly or the manual of ipsec.conf is out of date
Product: Red Hat Enterprise Linux 5
Reporter: Osier Yang <jyang>
Component: openswan
Assignee: Avesh Agarwal <avagarwa>
Status: CLOSED CURRENTRELEASE
QA Contact: BaseOS QE <qe-baseos-auto>
Severity: medium
Priority: low
Version: 5.5
CC: dallan, gren, jiabwang, llim, sghosh, sgrubb, tis, wmealing
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-01-10 16:00:38 UTC

Description Osier Yang 2009-09-18 03:52:16 UTC
Description of problem:
The configuration parser does not work correctly.

The manual of ipsec.conf says the value of keys such as 'ike' and 'esp' can be separated by ',' or ';': when separating two 'cipher-hash' entries, use a comma; when separating the 'cipher-hash' from the 'modpgroup', use a semicolon. But it actually doesn't work.

So maybe it's a bug in the configuration parser, or the manual is out of date.

Version-Release number of selected component (if applicable):
openswan-2.6.21-5.el5


How reproducible:


Steps to Reproduce:
1.  Find two hosts that support openswan.
     I set up two virtual machines, both are rhel5.4

2. Install openswan from yum or compile from the source code on each host
   if using yum:
         # yum install openswan -y
   if compiling from source code:
        1> download the source package from http://www.openswan.org/code/
        2> extract the source
        3> make programs install

3.  config 
    for the left node:
       config setup
          crlcheckinterval="180"
          strictcrlpolicy=no
          protostack=netkey
          interfaces=%defaultroute
            
       conn %default
          ikelifetime="60m"
          keylife="20m"
          rekeymargin="3m"
          keyingtries=1
          phase2=esp
          ike=3des-sha1;modp1024
          phase2alg=3des-sha1
          authby=secret
          ikev2=yes
          rekey=yes
          keyexchange=ike
        
       conn host-host
          connaddrfamily=ipv4
          left=192.168.122.157
          right=192.168.122.185
          type=tunnel
          compress=no
          auto=add

    for the right node:
       config setup
          crlcheckinterval="180"
          strictcrlpolicy=no
          protostack=netkey
          interfaces=%defaultroute
            
       conn %default
          ikelifetime="60m"
          keylife="20m"
          rekeymargin="3m"
          keyingtries=1
          phase2=esp
          ike=3des-sha1;modp1024
          phase2alg=3des-sha1
          authby=secret
          ikev2=yes
          rekey=yes
          keyexchange=ike
        
       conn host-host
          connaddrfamily=ipv4
          left=192.168.122.185
          right=192.168.122.157
          type=tunnel
          compress=no
          auto=add

4.  Start the ipsec service on each host
     # service ipsec start

5.  setup the connection on each host
    # ipsec auto --up host-host
    # ipsec auto --up host-host
  
Actual results:
[root@localhost etc]# !ipsec
ipsec auto --up host-host
000 initiating all conns with alias='host-host' 
021 no connection named "host-host"

Expected results:
the connection 'host-host' was set up successfully, the ipsec tunnel was set up

Additional info:
I have downloaded the source package of version 2.6.23 and installed it by compiling; with the same steps, it returned the same error results.
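
The separator rules the report quotes from the ipsec.conf manual, as an added example that is not part of the original report and is not openswan's own parser: a small Python checker that reads the ike=, esp= and phase2alg= lines of a configuration and splits each value on ',' and ';'. The sample configuration, the function names and the modpNNNN group pattern are assumptions made for the example.

```python
import re

# Constructed sample: the first conn repeats the algorithm lines quoted in the
# report; the second is a made-up conn with a comma-separated proposal list.
SAMPLE_CONF = """\
conn %default
    ike=3des-sha1;modp1024
    phase2alg=3des-sha1

conn two-proposals
    ike=aes128-sha1;modp2048,3des-md5
"""

ALG_KEYS = {"ike", "esp", "phase2alg"}
NAME = re.compile(r"[A-Za-z0-9_]+")
GROUP = re.compile(r"modp\d+")  # assumption: groups are written modpNNNN


def parse_proposals(value):
    """Split on ',' between proposals and ';' before the modp group."""
    proposals = []
    for item in value.strip().strip('"').split(","):
        alg, sep, group = item.strip().partition(";")
        cipher, _, digest = alg.partition("-")
        if not NAME.fullmatch(cipher) or (digest and not NAME.fullmatch(digest)):
            raise ValueError(f"bad cipher-hash {alg!r}")
        if sep and not GROUP.fullmatch(group):
            raise ValueError(f"bad modp group {group!r}")
        proposals.append((cipher, digest or None, group or None))
    return proposals


def audit_conf(text):
    """Return {section: {key: [(cipher, hash, group), ...]}}."""
    result, section = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 1
            section = " ".join(line.split())
            continue
        key, sep, value = line.strip().partition("=")
        if sep and section and key.strip() in ALG_KEYS:
            try:
                result.setdefault(section, {})[key.strip()] = parse_proposals(value)
            except ValueError as exc:
                raise ValueError(f"line {lineno} [{section}]: {exc}") from None
    return result
```

Calling audit_conf() on a configuration before loading it gives a per-section view of what each algorithm line asks for under the documented syntax, and raises with the line number when a value does not fit it.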

Comment 1 Osier Yang 2009-09-23 02:38:15 UTC
I have reported the same bug on bugs.openswan.org; the link is: https://gsoc.xelerance.com/issues/1061

Comment 4 Avesh Agarwal 2013-01-10 16:00:38 UTC
This is already fixed as part of the released version in rhel 5.9, so closing this now.