[Pkg-swan-devel] Bug#787810: libstrongswan-standard-plugins not installed during dist-upgrade

Daniel Pocock daniel at pocock.pro
Fri Jun 5 10:31:46 UTC 2015


Package: libstrongswan-standard-plugins
Version: 5.2.1-6
Severity: serious

I've marked this bug serious because it can lead to a loss of
connectivity for remote users.

The system was running fine with strongSwan on wheezy using ECDSA

The system was upgraded to jessie using apt-get dist-upgrade

After upgrade, the VPN would not start

"ipsec up peer" would complain:

no private key found for 'fromcert'

Looking at the ipsec start logs in syslog, I observed the errors:

building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders
   loading private key from 'hostKey.der' failed
...
building CRED_CERTIFICATE - ANY failed, tried 1 builders
   loading certificate from 'hostCert.der' failed

Installing the missing package and restarting ipsec resolved the issue:

  apt-get install libstrongswan-standard-plugins
  ipsec stop
  ipsec start

This package may need to be sucked in automatically during dist-upgrade.



More information about the Pkg-swan-devel mailing list