FS#57621 - Strongswan should be compiled with --enable-kernel-libipsec

Attached to Project: Community Packages
Opened by Christian Felsing (cf) - Saturday, 24 February 2018, 10:28 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 24 February 2018, 13:15 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

Strongswan should be compiled with
--enable-kernel-libipsec

ipsec statusall|grep kernel

should list kernel-libipsec as available plugin:

Expected behaviour:

loaded plugins: ... kernel-libipsec kernel-netlink ...

Actual behaviour:

kernel-libipsec is not listed as available plugin.

Reasons for using libipsec:

This feature moves ipsec device into user space, which offers more ways to manipulate routing.

At least you get a network device "ipsec0"

drawbacks:

None, because libipsec needs to be enabled by configuration. If not enabled, Strongswan behaves like before.

Additional info:
* package version(s)
strongswan 5.6.2-1

# ipsec version
Linux strongSwan U5.6.2/K4.15.5-1-ARCH
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.


* config and/or log files etc.
/etc/strongswan.d/charon/kernel-libipsec.conf:

kernel-libipsec {
    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes
}


Steps to reproduce:

Try to enable libipsec with config above, restart Strongswan. ipsec statusall|grep kernel should list "kernel-libipsec" after that.

Closed by  Doug Newgard (Scimmia)
Saturday, 24 February 2018, 13:15 GMT
Reason for closing:  Won't implement
Additional comments about closing:  See comment in PKGBUILD
