[Pkg-swan-devel] Bug#787810: libstrongswan-standard-plugins not installed during dist-upgrade
Daniel Pocock
daniel at pocock.pro
Fri Jun 5 10:31:46 UTC 2015
Package: libstrongswan-standard-plugins
Version: 5.2.1-6
Severity: serious
I've marked this bug serious because it can lead to a loss of
connectivity for remote users.
The system was running fine with strongSwan on wheezy using ECDSA
The system was upgraded to jessie using apt-get dist-upgrade
After upgrade, the VPN would not start
"ipsec up peer" would complain:
no private key found for 'fromcert'
Looking at the ipsec start logs in syslog, I observed the errors:
building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders
loading private key from 'hostKey.der' failed
...
building CRED_CERTIFICATE - ANY failed, tried 1 builders
loading certificate from 'hostCert.der' failed
Installing the missing package and restarting ipsec resolved the issue:
apt-get install libstrongswan-standard-plugins
ipsec stop
ipsec start
This package may need to be sucked in automatically during dist-upgrade.
More information about the Pkg-swan-devel
mailing list