FS#57621 - Strongswan should be compiled with --enable-kernel-libipsec
Attached to Project:
Community Packages
Opened by Christian Felsing (cf) - Saturday, 24 February 2018, 10:28 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 24 February 2018, 13:15 GMT
Opened by Christian Felsing (cf) - Saturday, 24 February 2018, 10:28 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 24 February 2018, 13:15 GMT
|
Details
Description:
Strongswan should be compiled with --enable-kernel-libipsec ipsec statusall|grep kernel should list kernel-libipsec as available plugin: Expected behaviour: loaded plugins: ... kernel-libipsec kernel-netlink ... Actual bahaviour: kernel-libipsec is not listed as available plugin. Reasons for using for using libipsec: This feature moves ipsec device into user space, which offers more ways to manipulate routing. At least you get a network device "ipsec0" drawbacks: None, because libipsec needs to be enabled by configuration. If not enabled, Strongswan behaves like before. Additional info: * package version(s) strongswan 5.6.2-1 # ipsec version Linux strongSwan U5.6.2/K4.15.5-1-ARCH Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. * config and/or log files etc. /etc/strongswan.d/charon/kernel-libipsec.conf: kernel-libipsec { # Whether to load the plugin. Can also be an integer to increase the # priority of this plugin. load = yes } Steps to reproduce: Try to enable libipsec with config above, restart Strongswan. ipsec statusall|grep kernel should list "kernel-libipsec" after that. |
This task depends upon
Closed by Doug Newgard (Scimmia)
Saturday, 24 February 2018, 13:15 GMT
Reason for closing: Won't implement
Additional comments about closing: See comment in PKGBUILD
Saturday, 24 February 2018, 13:15 GMT
Reason for closing: Won't implement
Additional comments about closing: See comment in PKGBUILD