I have vpn tunnel from a linux box to a fortigate firewall/vpn

The ipsec.conf file is correctly formated and the conenction works
if I add the following line to the ipsec.conf file
rekeyfuzz=0%
and reload the file it gives this error

can not load config '/etc/ipsec.conf': /etc/ipsec.conf:48: bad duration multiplier '%' on 0% [0%] failed to parse config setup portion on ipsec.conf

I know that this format is correct, I do not think that 10-15 examples on Google and the ipsec.conf man would be wrong. what is going on???


here is a copy of /etc/ipsec.conf

# basic configuration
config setup
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
# plutodebug="control parsing"
#
# Only enable *debug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
# exclude networks used on server side by adding %v4:!a.b.c.0/24
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
# OE is now off by default. Uncomment and change to on, to enable.
OE=off
# which IPsec stack to use. netkey,klips,mast,auto or none
protostack=netkey

# My conenction
conn test
leftxauthclient=yes
rightxauthserver=yes
left=%defaultroute
leftsourceip=xxx.xxx.xxx.xxx
right=xxx.xxx.xxx.xxx
rightsubnet=xxx.xxx.xxx.xxx/xx
keyexchange=ike
auth=esp
authby=secret
esp=3des
compress=no
pfs=yes
auto=add
ikelifetime=24h
keylife=8h
rekey=no
rekeyfuzz=0%