Bug 524139 - the configuration parser does not work correctly or the manual of ipsec.conf is out of date
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openswan
Version: 5.5
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
Assignee: Avesh Agarwal
QA Contact: BaseOS QE
Reported: 2009-09-18 03:52 UTC by Osier Yang
Modified: 2014-03-27 01:01 UTC

Doc Type: Bug Fix
Last Closed: 2013-01-10 16:00:38 UTC
Description Osier Yang 2009-09-18 03:52:16 UTC
Description of problem:
The configuration parser does not work correctly.

The manual of ipsec.conf says the values of keys such as 'ike' and 'esp' can be separated by ',' or ';': when separating two 'cipher-hash' entries, use a comma; when separating the 'cipher-hash' from the 'modpgroup', use a semicolon. But it actually doesn't work.

So maybe it's a bug in the configuration parser, or the manual is out of date.

Version-Release number of selected component (if applicable):
openswan-2.6.21-5.el5


How reproducible:


Steps to Reproduce:
1.  Find two hosts that support openswan.
     I set up two virtual machines, both are RHEL 5.4.

2. Install openswan from yum or compile from the source code on each host.
   If using yum:
         # yum install openswan -y
   If compiling from source code:
        1> download the source package from http://www.openswan.org/code/
        2> extract the source
        3> make programs install

3.  config 
    for the left node:
       config setup
          crlcheckinterval="180"
          strictcrlpolicy=no
          protostack=netkey
          interfaces=%defaultroute
            
       conn %default
          ikelifetime="60m"
          keylife="20m"
          rekeymargin="3m"
          keyingtries=1
          phase2=esp
          ike=3des-sha1;modp1024
          phase2alg=3des-sha1
          authby=secret
          ikev2=yes
          rekey=yes
          keyexchange=ike
        
     conn host-host
         connaddrfamily=ipv4
         left=192.168.122.157
         right=192.168.122.185
         type=tunnel
         compress=no
         auto=add

     for the right node:
       config setup
          crlcheckinterval="180"
          strictcrlpolicy=no
          protostack=netkey
          interfaces=%defaultroute
            
       conn %default
          ikelifetime="60m"
          keylife="20m"
          rekeymargin="3m"
          keyingtries=1
          phase2=esp
          ike=3des-sha1;modp1024
          phase2alg=3des-sha1
          authby=secret
          ikev2=yes
          rekey=yes
          keyexchange=ike
        
     conn host-host
         connaddrfamily=ipv4
         left=192.168.122.185
         right=192.168.122.157
         type=tunnel
         compress=no
         auto=add

4.  Start the ipsec service on each host
     # service ipsec start

5.  setup the connection on each host
    # ipsec auto --up host-host
    # ipsec auto --up host-host
  
Actual results:
[root@localhost etc]# !ipsec
ipsec auto --up host-host
000 initiating all conns with alias='host-host' 
021 no connection named "host-host"

Expected results:
The connection 'host-host' was set up successfully, the ipsec tunnel was set up.

Additional info:
I have downloaded the source package with version 2.6.23 and installed it by compiling; with the same steps, it returned the same error results.
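
Added example (not part of the bug report and not Openswan code): a small Python check that splits `ike=`, `esp=` and `phase2alg=` values on the separators the report quotes from the manual, and lists the lines that use the semicolon form found in the report's failing configuration. Function names and the sample text are constructed here; section headers are recognised by keyword rather than by column so that an indented excerpt like the one in the report parses.

```python
import re

# Constructed sample: a subset of the left node's settings from the report.
SAMPLE_CONF = """\
conn %default
    ike=3des-sha1;modp1024
    phase2alg=3des-sha1
    authby=secret

conn host-host
    left=192.168.122.157
    right=192.168.122.185
    auto=add
"""

# Keys whose values carry algorithm proposals (named in the report).
ALG_KEYS = {"ike", "esp", "phase2alg"}


def parse_sections(text):
    """Return {section_name: {key: value}} for 'conn' and 'config' sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        header = re.fullmatch(r"(conn|config)\s+(\S+)", line)
        if header:
            current = sections.setdefault(header.group(2), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections


def parse_proposals(value):
    """Split 'cipher-hash;modpgroup, cipher-hash' into (cipher_hash, group) pairs."""
    proposals = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        cipher_hash, _, group = item.partition(";")
        proposals.append((cipher_hash.strip(), group.strip() or None))
    return proposals


def semicolon_entries(text):
    """List (section, key, value) for algorithm lines that name a modp group."""
    return [(name, key, value)
            for name, params in parse_sections(text).items()
            for key, value in params.items()
            if key in ALG_KEYS and any(g for _, g in parse_proposals(value))]
```

Running `semicolon_entries` over a real ipsec.conf shows which sections to re-check with `ipsec auto --up` after loading, since the report's symptom is a connection that is reported as not existing rather than a parse error.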

Comment 1 Osier Yang 2009-09-23 02:38:15 UTC
I have reported the same bug on bugs.openswan.org; the link is: https://gsoc.xelerance.com/issues/1061

Comment 4 Avesh Agarwal 2013-01-10 16:00:38 UTC
This is already fixed as part of the released version in rhel 5.9, so closing this now.

