as the default wasn't really the default anymore, I moved the identical site1 and site2 lines into %default and removed them from the 'site' conns and addconn --checkconfig worked fine.
But it really should have been able to parse the original ipsec.conf.
Kernel: Linux 4.19.0-5-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libreswan depends on:
ii bind9-host [host] 1:9.11.5.P4+dfsg-5.1
ii bsdmainutils 11.1.2+b1
ii debconf [debconf-2.0] 1.5.71
ii dns-root-data 2019031302
ii host 1:9.10.3.dfsg.P4-12.3+deb9u5
ii iproute2 4.20.0-2
ii iptables 1.8.2-4
ii libaudit1 1:2.8.4-3
ii libc6 2.28-10
ii libcap-ng0 0.7.9-2
ii libcurl3-nss 7.64.0-4
ii libevent-2.1-6 2.1.8-stable-4
ii libevent-pthreads-2.1-6 2.1.8-stable-4
ii libldap-2.4-2 2.4.47+dfsg-3
ii libldns2 1.7.0-4
ii libnspr4 2:4.20-1
ii libnss3 2:3.42.1-1
ii libnss3-tools 2:3.42.1-1
ii libpam0g 1.3.1-5
ii libselinux1 2.8-1+b1
ii libsystemd0 241-5
ii libunbound8 1.9.0-2
ii systemd 241-5
Versions of packages libreswan recommends:
ii python3 3.7.3-1
Bug#934327: libreswan: addconn crash on ipsec.conf
Hello Ray Klassen,
without deeper knowledge of libreswan I tried to reproduce
this issue, but it did not show up for me.
It might be possible to install the package systemd-coredump.
Then in the journal should a backtrace be printed when you
repeat the checkconfig, which you could forward to this bug.
Additionally the backtrace would contain more function names when
the matching debug symbols are installed like described in .
This page might give some more pointer how to retrieve more
information form that issue.