[Swan-dev] cannot load config '/etc/ipsec.conf': /etc/ipsec.conf:10: syntax error, unexpected STRING [crl_strict]

Paul Wouters paul at nohats.ca
Wed Oct 7 01:37:10 UTC 2020

On Tue, 6 Oct 2020, Andrew Cagney wrote:

>> We have had that situation for many years now (like 5-7 or so)
>> I placed back aliaes for virtual_private and plutostderrlog because
>> those are part of many default config files we shipped. I think the
>> rest should really go or else we should forever keep them.
> I think the middle ground is to reject the old names, but have the log
> message spell out the replacement.  In the above noting that
> crl_strict is replaced by crl-strict.  Other is to just allow [-_].

Unfortunately since this mostly happens in addconn, there is no real
logging, but only stderr or stdout. And if those are issued, it
screws up ipsec addconn --configsetup which is used to grab config
values by other (init)scripts. Since the libipsecconf code also
goes through all connections when loading/parsing the config
file to get the "config setup" section, _any_ obsolete warning
will throw of the init system.

All of this could be addressed, but I think in practise, we would
be okay with just the two old ones I added as aliases (not as
kt_obsolete to prevent the warnings).

Although for RHEL 8.4, we cannot break things between 3.32 -> 4.0,
so for that I need to backport the old names until we hit RHEL9.

We could undo it all, but then we have to live with underscores
forever :/


More information about the Swan-dev mailing list