[Pkg-swan-devel] Bug#1116662: strongswan-starter: Existing SysV init script ignores new config format
Yves-Alexis Perez
corsac at debian.org
Tue Sep 30 07:34:43 BST 2025
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Mon, 2025-09-29 at 21:51 +0000, Luigi Baldoni wrote:
> Since then, strongswan has deprecated the old ipsec.conf format in favour
> of swanctl.conf. The systemd scripts launch the daemon first and then invoke
> swanctl to load the new-style configuration, but the existing
> /etc/init.d/ipsec
> does not.
>
> Other non-systemd distributions (e.g. openwrt and alpine) use separate
> launchers
> to leave users the choice, upstream systemd seems to do it the new way only,
> but I haven't delved too much into it.
Hi Luigi,
I'm not sure I understand your problem.
If you want to use the "legacy" ipsec.conf, use strongswan-charon and
strongswan-starter.
If you want to use the "new" swanctl.conf, use strongswan-swanctl and charon-
systemd (and yes that means using systemd launcher).
The `strongswan` metapackage used to depend on the former set, now on the
latter.
Regards,
- --
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmjbegMACgkQ3rYcyPpX
RFuo9wf+IB3A5vR4H7maMvXXrXr8VqG94unn1q3b8wPDTD1lAHiCPUiRGMp668KM
zHWWlZwdDeL8l0FGr34/R94HI1WLWaaZzmVrt8uEZdW7XjYL+v14kmZCJImHWZMh
GSp05sjVrt3FI9SQuN+LCqWMrWQ+23Lx2ocq0DrLUJtd5bZ2vNy4XzB6BKof/+PB
FmfdT67gHyMD4dGjSLUD13F3AsMgtsGbaaKkXLnyDNnMV1uLrRUqw3NHZXMwnQzK
BRMnE8AoWjyTbUOrZiAEtq2BZGHzo1eW9WylUScc0pIyzhDD7LTKCaP6+k5iItib
fiFRpUDOXewjGbJpPeeELA5Njpp/iw==
=e+I+
-----END PGP SIGNATURE-----
More information about the Pkg-swan-devel
mailing list