latest strongswan update is broken in 18.10
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
A lot of `strongswan` files got updated this morning. It breaks strongswan because it can't find `/etc/ipsec.conf`. Sure enough, it's missing. The package file indicates that it's there, but it doesn't get installed.
I went to packages.ubuntu.com and downloaded `strongswan-
I manually extracted ipsec.conf from the .deb file, copied it to /etc/ipsec.conf, chmod 600 /etc/ipsec.conf, and made sure it was root:root, then `sudo systemctl restart ipsec`.
`sudo systemctl status ipsec` now shows correctly.
The /etc/ipsec.conf file looks like this...
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
# Sample VPN connections
#conn sample-self-signed
# leftsubnet=
# leftcert=
# leftsendcert=never
# right=192.168.0.2
# rightsubnet=
# rightcert=
# auto=start
#conn sample-with-ca-cert
# leftsubnet=
# leftcert=myCert.pem
# right=192.168.0.2
# rightsubnet=
# rightid="C=CH, O=Linux strongSwan CN=peer name"
# auto=start
ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: strongswan-starter 5.6.3-1ubuntu4.1
ProcVersionSign
Uname: Linux 4.18.0-13-generic x86_64
ApportVersion: 2.20.10-0ubuntu13.1
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sun Jan 13 11:31:11 2019
InstallationDate: Installed on 2014-05-10 (1709 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: strongswan
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
modified.
If installing the package doesn't restore ipsec.conf, then it's because it was removed outside the package's control, usually.
Could you check /var/log/ apt/history. log to backtrack the packages you installed and upgrade to see if there is a clear way to reproduce this problem?
That being said, these error messages are intriguing: conffile. .etc.ipsec. conf: [inaccessible: [Errno 13] Permission denied: '/etc/ipsec.conf'] conffile. .etc.ipsec. secrets: [inaccessible: [Errno 13] Permission denied: '/etc/ipsec. secrets' ]
modified.
modified.
That means at least at the time the bug was reported, the file existed.