Connection edit - extra CRLF might append to the pre-shared key

Asked by karatedog on 2011-09-17

When I create or edit a new connection, I usually copy/paste the string that goes into the "Use pre-shared key for authentication", because I usually got it by mail or a document. If that pre-shared key happens to be at the end of the line in the document a double-click operation may select the CRLF (or LF) along with the key, but this is totally unnoticed by the user.
Pasting this key with the CRLF into the editor will make its way down to /etc/ipsec.secrets file, which makes the pre-shared key invalid, as there will be a newline before the closing quotation mark.

The first sign of the error:
003 "/etc/ipsec.secrets" line 20: unterminated string
003 "/etc/ipsec.secrets" line 21: unterminated string
003 ERROR "/etc/ipsec.secrets" line 21: index """ illegal (non-DNS-name) character in name
003 "/etc/ipsec.secrets" line 22: unexpected end of id list
Sep 17 23:03:10 ub64-T400 ipsec__plutorun: 003 "/etc/ipsec.secrets" line 20: unterminated string
Sep 17 23:03:10 ub64-T400 ipsec__plutorun: 003 "/etc/ipsec.secrets" line 21: unterminated string
Sep 17 23:03:10 ub64-T400 ipsec__plutorun: 003 ERROR "/etc/ipsec.secrets" line 21: index """ illegal (non-DNS-name) character in name
Sep 17 23:03:10 ub64-T400 ipsec__plutorun: 003 "/etc/ipsec.secrets" line 22: unexpected end of id list
Last command timed out

And /etc/ipsec.secrets contains this:

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
#
%any 212.xx.xxx.xxx: PSK "presharedkey
"

Question information

Language:
English Edit question
Status:
Solved
For:
L2TP over IPsec VPN Manager Edit question
Assignee:
No assignee Edit question
Solved by:
Werner Jaeger
Solved:
2011-09-18
Last query:
2011-09-18
Last reply:
2011-09-18
Best Werner Jaeger (werner-jaeger) said : #1

Thank you so much for pointing out this bug. I'm going to fix this in the next version!

karatedog (karatedog) said : #2

Thanks Werner Jaeger, that solved my question.