[Pkg-swan-devel] Bug#918022: strongswan-swanctl
Williams, Gareth
gareth at garethwilliams.me.uk
Wed Jan 2 13:08:03 GMT 2019
Package: strongswan-swanctl
Version: 5.5.1-4+deb9u4
Depends: libstrongswan (= 5.5.1-4+deb9u4), libc6 (>= 2.4)
Running on: Debian 9.6
Kernel: 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux
libc6 Version: 2.24-11+deb9u3
------------------------------------------------------------------------------------
Only the package `strongswan-starter` contains the
`/usr/lib/ipsec/_updown` script for configuring `iptables`.
If an installation uses `strongswan-swanctl` instead of the older
starter/ipsec scripts then the `_updown` script won't be installed.
The script is used in the vici based example configuration and my
setup also fails to work without it, which suggests that it should be
available.
A temporary fix is to install `strongswan-starter` but that brings in
a few dependencies and automatically starts `strongswan`, which needs
to be stopped and disabled. This latter task seems to break currently
running SAs which requires `strongswan-swanctl` to be restarted. So
it's not a perfect workaround.
The `_updown` script needs to be in a package that is common to all
strongswan installations.
More information about the Pkg-swan-devel
mailing list