[Pkg-swan-devel] Bug#1085384: strongswan: Installing strongswan on debian is highly confusing and prone to errors

András Tömpe andris at napalm.hu
Fri Oct 18 18:51:27 BST 2024 

Package: strongswan
Version: 5.9.8-5+deb12u1
Severity: normal
X-Debbugs-Cc: andris at napalm.hu

Dear Maintainer,

Packages related to strongswan are very hard to understand, and to use them
properly.
Currently it is possible to have the strongswan, strongswan-starter and
strongswan-charon triplet installed alongside with charon-systemd and
strongswan-swanctl. While in rare cases it might make sense, i think most of
the users only needs one set of them. Either they want to use the legacy
ipsec.conf or the newer swanctl.conf. Also there may be differences whether
they use systemd or not. And maybe more factors, i really do not know.

When I install everything, two copies of charon daemon are trying to run at the
same time, and it leads to a lot of problems. The error messages in 5.9.8 are
not helpful in any way. It took me 2 days to figure out that there are two
deamons.

Even the upstream developer has a separate section regarding debian packages:

https://docs.strongswan.org/docs/5.9/install/install.html

"
When installing the strongswan metapackage, the legacy daemon and configuration
backend are installed. To use swanctl/vici instead, install the charon-systemd
and strongswan-swanctl packages and remove both the strongswan-starter and
strongswan-charon packages. Make sure you only have either the charon-systemd
or the strongswan-starter package installed (or at least disable one of the
systemd units they install, which are strongswan.service and strongswan-
starter.service, respectively).
"

There was a time when they were conflicting packages, but not any more:

strongswan-libcharon
Breaks: strongswan-starter (<= 5.6.1-2)
Replaces: strongswan-starter (<= 5.6.1-2)

strongswan-swanctl
Breaks: strongswan-starter (<< 5.8.0-1)
Replaces: strongswan-starter (<< 5.8.0-1)

I doubt this is the intended behaviour.

Also the names of the packages makes no sense to me.

see also:
https://github.com/strongswan/strongswan/discussions/2502
https://github.com/strongswan/strongswan/discussions/2282


-- System Information:
Debian Release: 12.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-23-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages strongswan depends on:
pn  strongswan-charon   <none>
pn  strongswan-starter  <none>

strongswan recommends no packages.

strongswan suggests no packages.

More information about the Pkg-swan-devel mailing list