Bug 751038

Summary: timeout when phase1 algorithm contains space after semi-colon
Product: Red Hat Enterprise Linux 6
Component: NetworkManager-openswan
Version: 6.2
Hardware: All
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Target Milestone: rc
Reporter: Vladimir Benes <vbenes>
Assignee: Avesh Agarwal <avagarwa>
QA Contact: Desktop QE <desktop-qa-list>
CC: jrieden, tpelka
Doc Type: Bug Fix
Last Closed: 2011-12-15 22:42:57 UTC

Description Vladimir Benes 2011-11-03 10:44:31 UTC
Description of problem:
When I try to connect to the VPN using aes-sha1;modp1024, I have to use it without a space, as with a space (aes-sha1; modp1024) it times out. No fail but timeout. I would suggest removal of white spaces from this line. Does it make any difference if there is a space or not?

Version-Release number of selected component (if applicable):
NetworkManager-0.8.1-15.el6.x86_64
NetworkManager-openswan-0.8.0-7.el6.x86_64
NetworkManager-gnome-0.8.1-15.el6.x86_64
NetworkManager-glib-0.8.1-15.el6.x86_64

Comment 1 Avesh Agarwal 2011-12-15 20:35:16 UTC
Why do you think that "aes-sha1; modp1024" should work?

The Openswan parser works in its particular way and the format is specified in the man page, as is evident from "man ipsec.conf".

"
IKE encryption/authentication algorithm to be used for the connection (phase 1 aka ISAKMP SA). The format is "cipher-hash;modpgroup, cipher-hash;modpgroup, ..." 
"

Then why are you using the ike parameter in the wrong way when it is clearly stated in the man page how it should be used?

Comment 2 Tomas Pelka 2011-12-15 22:37:16 UTC
Since this is documented, I would say we can close as NOTABUG.

Comment 3 Avesh Agarwal 2011-12-15 22:42:57 UTC
(In reply to comment #2)
> Since this is documented, I would say we can close as NOTABUG.

I agree, and I am closing this as NOTABUG.
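
A pre-flight check for the ike= format quoted from "man ipsec.conf" in comment 1, as an added example that is not part of the original bug thread or of NetworkManager-openswan: it flags whitespace inside a proposal (the input that times out in this report) and returns the compact form. The function name lint_ike and the token pattern are assumptions; algorithm names are not validated.

```python
import re

# Shape quoted from ipsec.conf(5) in this report: cipher-hash;modpgroup
# Assumption: each token is alphanumerics/underscore; names are not checked
# against the algorithms Openswan actually supports.
PROPOSAL_RE = re.compile(r"^[A-Za-z0-9_]+-[A-Za-z0-9_]+;[A-Za-z0-9_]+$")


def lint_ike(value):
    """Return (findings, normalized) for an ike= value.

    findings is a list of (proposal_index, message) tuples. normalized is the
    value with whitespace removed inside each proposal, or None when any
    proposal still does not match the documented shape after that.
    """
    findings = []
    cleaned = []
    for idx, raw in enumerate(value.split(",")):
        # The quoted format itself shows a space after each comma, so
        # whitespace around a proposal is not reported.
        proposal = raw.strip()
        if not proposal:
            findings.append((idx, "empty proposal"))
            cleaned.append(None)
            continue
        compact = re.sub(r"\s+", "", proposal)
        if compact != proposal:
            findings.append((idx, f"whitespace inside proposal {proposal!r}"))
        if PROPOSAL_RE.match(compact):
            cleaned.append(compact)
        else:
            findings.append((idx, f"{compact!r} is not cipher-hash;modpgroup"))
            cleaned.append(None)
    normalized = None if None in cleaned else ",".join(cleaned)
    return findings, normalized


if __name__ == "__main__":
    # Constructed inputs: the two strings from the report and a two-proposal list.
    for sample in ("aes-sha1;modp1024", "aes-sha1; modp1024",
                   "aes-sha1;modp1024, 3des-sha1 ;modp1024"):
        print(repr(sample), lint_ike(sample))
```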