Ubuntu
strongswan package

strongswan config in 10.10 doesn't work

Bug #661220 reported by Hasse Hagen Johansen
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
strongswan (Ubuntu)
Fix Released
Undecided
Unassigned
Maverick
Won't Fix
Undecided
Unassigned

Bug Description

Binary package hint: strongswan

I had problems after upgrading my server to ubuntu 10.10

No failures in the strongswan logs..only about one of the plugins..but no serious errors, but it doesn't log anything when you try to connect at client to it.

I stumbled upon a workaround about the order which the plugins for the charon daemon is loaded. It should work if the plugins is loaded in this order:

/etc/strongswan.conf:

        ...
        charon {
                       ...
                       load = curl ldap aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac agent gmp attr kernel-netlink socket-default farp eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 nm dhcp resolve
                       ...

Originally found on: http://mopoinfo.vpn.uni-freiburg.de/node/99 (in german)

Revision history for this message
Martin Willi (martinwilli) wrote :

> It should work if the plugins is loaded in this order

The problem is not the order, but the compile time plugin configuration:

> --enable-socket-raw --enable-socket-dynamic

Only one socket is needed. The raw socket allows both the IKEv1 and IKEv2 daemons to run in parallel. I suggest to remove the --enable-socket-dynamic.

Patch attached.

Revision history for this message
Bhavani Shankar (bhavi) wrote :

Hello

I updated strongswan package in natty to the latest upstream version. If the problem persists then update the patch for natty and I ll be happy to upload

regards

Revision history for this message
Hasse Hagen Johansen (hasse-launchpad) wrote :

Hi Thanks Bhavani

Would it be possible to get an updated package in 10.10 also. I would believe this is critical software for some people?

Revision history for this message
Bhavani Shankar (bhavi) wrote :

Hello again!

Yes through SRU if the patch goes to natty ll prepare a SRU (Stable Release Update) for maverick

regards

Revision history for this message
Stefano Rivera (stefanor) wrote :

Unsubscribing sponsors, as this isn't currently ready for sponsorship.

Revision history for this message
Laurent Bigonville (bigon) wrote :

This bug is fixed in natty, closing

Changed in strongswan (Ubuntu):
status: New → Fix Released
Adolfo Jayme Barrientos (fitojb)
Changed in strongswan (Ubuntu Maverick):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.