Arch Linux

Description: L2TP/IPsec connection no longer works with networkmanager 1.36


Additional info:
* package version: 5.9.5-1 and earlier
* link to upstream bug report:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946

see networkmanager-l2tp bug report :
https://bugs.archlinux.org/task/74089

Table of strongswan plugins which lists which ones are experimental :
https://docs.strongswan.org/strongswan-docs/5.9/plugins/plugins.html

Arch Linux seems to enable/load a lot more strongswan plugins compared to other Linux distributions, and some of these plugins are now causing problems with networkmanager >= 1.36, especially the experimental plugins that deal with routing like bypass-lan and forecast.

I would recommend not loading plugins that are known to have problems by default. If anybody needs to use them, they can explicitly load the plugin by editing the corresponding config file.

Can the package() section of the strongswan PKGBUILD file have something like the following added (it is based on what Fedora strongswan package doesn't enable or load) :

# do not load certain plugins by default that are known to have problems
for p in bypass-lan connmark forecast sha3; do
sed -i 's/load = yes/load = no/' "${pkgdir}/etc/strongswan.d/charon/${p}.conf"
done