Project

General

Profile

Issue #2249

Unable to parse ipsec.conf file correctly

Added by Harshal Haridas almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.2.0
Resolution:
No change required

Description

I have two Windriver Linux platforms. When I run using an IPsec.conf file on one platform, it runs correctly and I am able to do IPsec communication to the device with strongswan installed and working. However, when I copy-paste the file and try to run a similar configuration on another Windriver Linux platform, it fails to parse the IPsec.conf file because there are white spaces. After removing empty lines and white spaces, it reports "Bad duration values", "Bad Integer value" and some bad argument for every conn parameter.

Here is my IPsec.conf

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    charondebug="ike 4, knl 3, cfg 1" 

# Add connections here. 
conn common
    type=transport
    keyexchange=ikev1
    ike=aes128-sha256-ecp256!
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    rightauth=pubkey
    rightca=%same
    leftauth=pubkey
    leftcert=BAC001_cert.der
    inactivity=120

# encrypted
conn common_e
    esp=aes128gcm16!
    also=common

conn host-host
    left=192.168.0.5
    right=192.168.0.102
    rightid=%any
    also=common_e
    auto=route
ipsec.conf.jpg (89.8 KB) ipsec.conf.jpg Harshal Haridas, 13.02.2017 23:57

History

#1 Updated by Harshal Haridas almost 4 years ago

Seems like the formatting did not copy paste well. The conn common and conn common_e do not have a tab (as seen above). Additionally, everything below conn host-host has a tab at the beginning. See attached JPEG file to get a better idea

#2 Updated by Tobias Brunner almost 4 years ago

  • Description updated (diff)
  • Category changed from charon to configuration
  • Status changed from New to Feedback

After removing empty lines and white spaces, it reports "Bad duration values", "Bad Integer value" and some bad argument for every conn parameter.

Sounds like a platform/encoding/copy-n-paste problem you should investigate further. But why is there an uncommented URL seen in the screenshot (after "Add connections here")? Are you using the same strongSwan version on both hosts? Could you post the actual config file that fails (the actual file, not copy-n-pasted into the text field)?

#3 Updated by Harshal Haridas almost 4 years ago

Thanks. Found out that there were ^M added to the end of line on each line in IPsec.conf file. By removing them, the parsing worked correctly and have no more issues. Please resolve the issue and mark it as complete.

#4 Updated by Tobias Brunner almost 4 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required

Also available in: Atom PDF