[Pkg-swan-devel] Patch for vici, swanctl, xauth-noauth and kernel-libipsec
Romain Francoise
rfrancoise at debian.org
Thu Nov 13 16:56:20 UTC 2014
Hi,
Thanks for the patch, my comments below...
On Mon, Nov 10, 2014 at 01:55:17PM +0300, ValdikSS wrote:
> There is a new strongswan control utility named swanctl, which
> requires new protocol named vici, and it's very convinient.
Yes, but it shouldn't go in strongswan-starter. The starter is
deprecated on systems which have systemd since we can use the new
charon-systemd daemon instead. So swanctl should probably have its own
separate binary package.
> Also, there is module xauth-noauth which is very helpful for IKEv1
> clients which support XAUTH-RSA only with username/password
> authentication.
Do you know if this is still needed with current versions of iOS?
> And the last one is kernel-libipsec. It is a user-land IPsec
> implementation, which allows to use strongSwan in OpenVZ containers.
> I'd like to have this options enabled in the build. Here is the patch.
> Please test kernel-libipsec. It should not load if native IPsec support
> is detected. If it loads, maybe it would be better to split it into
> individual package.
Personally I have no use for this and if we enable it, we have to
support it. So I'm not sure.
--
Romain Francoise <rfrancoise at debian.org>
http://people.debian.org/~rfrancoise/
More information about the Pkg-swan-devel
mailing list