[strongSwan] migration from StrongSwan 5.1.2 to 5.3.2

Fri Sep 4 19:22:51 CEST 2015

Thanks Noel for your help.

First I confirmed files in both Ubuntu 14.04 and Fedora 22 are correct

But in Fedora, it fails to set up tunnels.

I also checked statusall in both Ubuntu and Fedora and the major difference is that - in Fedora no IP address is listed under " Listening IP addresses:", even though all IP addresses are identical in both cases.

I am attaching some logs from both Ubuntu and Fedora.

Regards,
Charlie Li

-----Original Message-----
From: Noel Kuntze [mailto:noel at familie-kuntze.de] 
Sent: Thursday, September 03, 2015 2:15 PM
To: Li, Charlie; 'users at lists.strongswan.org'
Subject: Re: [strongSwan] migration from StrongSwan 5.1.2 to 5.3.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Charlie,

Am 03.09.2015 um 01:32 schrieb Li, Charlie:
>
> Hi Team,
>
> 
>
> I have been using StrongSwan 5.1.2 (in Ubuntu 14.04) for a while. Attached are the ipsec.confand ipsec.secretsfiles used for my tests. Basically PSK = ipsecis used for all connections.
>
> 
>
> But when I use the same ipsec.confand ipsec.secretsfiles with StrongSwan 5.3.2 (in Fedora 22), it does not work.
>
> 
>
> Looks like with 5.3.2, ipsec.secretsfile is not used anymore, instead swanctl.confis introduced.
>
> 
>
> Appreciate if someone can show me how to migrate to 5.3.2.
>
> 
>
> Thanks,
>
> Charlie
>

Nope.
strongSwan still supports ipsec.conf. swanctl.conf is just an additonal configuration file, which you /can/ use instead of ipsec.conf. The format is much nicer than the one ipsec.conf uses and it is loaded over vici socket, which is much better to handle as an API than stroke socket.

Fedora and other RHEL like distros (CentOS, ...) store the strongSwan configuration files in /etc/strongswan/, not in /etc/.
Make sure to adjust the ACLs and SElinux context of the files.

- -- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV6JwnAAoJEDg5KY9j7GZYW3gP/2pKZlcGJYeGDxi0rUv99xkm
99KWqE7fYNihEprhjtYvMca1vWP1pMmbS8WYRerriLfA9afpRrrWZ0LeKty/9Ijj
ple2fiP+rKgnz8pcjeFBCqZCOXbG6cvtiqAXtrL9APwjKwnPMkoRZmXkZEHi1JmO
yGNkZmIHmySVdU8yM+woB0+Akj1tGPFkekvnLPd01aBLal5QjD8BHZwBhYPrEJPS
YM53jtrpc+cfBYWWlu/Rrg2UmVyg14dKyiCc0D/v18swg0Qz1AK1JtgIHcHp5UZU
9jhrzNI7tGCecoFZuSAL4VXwZne0jdO3st1XdLvvSa50pgBj/zD0ACVJ4bEc5mf2
NgPZ4CJCqaH+jxi0PI4bYJOlmqWJGfCMkyh4PjAY69WgDAsAfNS0XYB6vp+WATYJ
ZJNRCRdHuWTt5udAe+gdzCHq76oS7eDsMfzmTHHNFfxHeB8sO0ipT+Mu/Ic554s8
3eqhxXeSCGfmBzQPAKnwPA7bsLXc/zxAYfWBDlNFA/84ZRXOH8VKNZmN1xYwnctG
Ed9GPgoBhUEWIFlJcP7dXp/9ECuWmLwtnyn1e0pD5YP05ys4AyfwgLaRVygkllJL
SxoAaVuxZw/juN8USsrGpNbLkicTeDnvKdL8ddAR2Pn70Q8nWZdDj8hXshgfDffA
OvPXkd6BphJEJkS2bxoV
=ZT2N
-----END PGP SIGNATURE-----

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ubuntu.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150904/5c21eccd/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: fedora.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150904/5c21eccd/attachment-0003.txt>