[Pkg-swan-devel] Patch for vici, swanctl, xauth-noauth and kernel-libipsec

Romain Francoise rfrancoise at debian.org
Thu Nov 13 16:56:20 UTC 2014


Thanks for the patch, my comments below...

On Mon, Nov 10, 2014 at 01:55:17PM +0300, ValdikSS wrote:
> There is a new strongswan control utility named swanctl, which
> requires new protocol named vici, and it's very convinient.

Yes, but it shouldn't go in strongswan-starter. The starter is
deprecated on systems which have systemd since we can use the new
charon-systemd daemon instead. So swanctl should probably have its own
separate binary package.

> Also, there is module xauth-noauth which is very helpful for IKEv1
> clients which support XAUTH-RSA only with username/password
> authentication.

Do you know if this is still needed with current versions of iOS?

> And the last one is kernel-libipsec. It is a user-land IPsec
> implementation, which allows to use strongSwan in OpenVZ containers.
> I'd like to have this options enabled in the build. Here is the patch.
> Please test kernel-libipsec. It should not load if native IPsec support
> is detected. If it loads, maybe it would be better to split it into
> individual package.

Personally I have no use for this and if we enable it, we have to
support it. So I'm not sure.

Romain Francoise <rfrancoise at debian.org>

More information about the Pkg-swan-devel mailing list