** Changed in: strongswan (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1535951
Title:
Please merge strongswan 5.3.5-1 (main) from Debian unstable (
** Changed in: strongswan (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1535951
Title:
Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
T
The attachment "Ubuntu debdiff between 5.1.2-0ubuntu8 and
5.3.5-1ubuntu1" seems to be a debdiff. The ubuntu-sponsors team has
been subscribed to the bug report so that they can review and hopefully
sponsor the debdiff. If the attachment isn't a patch, please remove the
"patch" flag from the attac
** Patch added: "Ubuntu debdiff between 5.1.2-0ubuntu8 and 5.3.5-1ubuntu1"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4573962/+files/ubuntu-5.1.2-0ubuntu8-to-5.3.5-1ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs
** Patch added: "debdiff netween debian 5.3.5-1 and ubuntu 5.3.5-1ubuntu1"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4573963/+files/debian-5.3.5-1-to-5.3.5-1ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
I've pushed the latest revisions into the PPA:
strongswan (5.3.5-1ubuntu7) xenial; urgency=medium
* debian/{rules,control,libstrongswan-extra-plugins.install}
Enable bliss plugin
* debian/patches/increase-bliss-test-timeout.patch
Under QEMU/KVM for autopkgtest bliss test takes a bit l
On 2016-02-16 09:46 AM, mrq1 wrote:
> it looks like strongswan is faking a nat situation if the kernel-libipsec
> is used
This is by design as kernel-libipsec requires ESPinUDP.
As Tobias (Strongswan upstream) said, it's best to not have this on by
default.
> btw: did you get this audit entries
On Tue, Feb 16, 2016 at 8:46 AM, mrq1 wrote:
> it looks like strongswan is faking a nat situation if the kernel-libipsec
> is used, so there are only problems with transport & beet mode ..
>
It sounds like it could be confusing. I'd prefer not to have a one-off for
just this
package but if it'
it looks like strongswan is faking a nat situation if the kernel-libipsec
is used, so there are only problems with transport & beet mode ..
btw: did you get this audit entries too?
# grep audit /var/log/syslog
Feb 16 07:56:31 kvm-xenial kernel: [240771.376037] audit: type=1400
audit(1455605791.
>> i think the kernel-libipsec plugin should not be loaded by default
>>
>> the plugin works only with UDP encapsulated packets
>>
>> (look here: https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-
>> libipsec)
>>
>> and this will break most of the "normal"/LAN setups
>>
>
> The kernel-l
On Sun, Feb 14, 2016 at 3:36 AM, mrq1 wrote:
> looks good so far :-)
>
> i think the kernel-libipsec plugin should not be loaded by default
>
> the plugin works only with UDP encapsulated packets
>
> (look here: https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-
> libipsec)
>
> and thi
On 2016-02-14 09:00 AM, Simon Deziel wrote:
> On 2016-02-13 10:03 PM, Ryan Harper wrote:
>> On Sat, Feb 13, 2016 at 7:51 PM, Simon Déziel <1535...@bugs.launchpad.net>
>>> libipsec support is very cool (thanks for enabling it!) as it should
>>> allow running a IPsec in containers.
>>>
>>>
>> Please
> chapoly and ntru are part of libstrongswan-extra-plugins
you are right!
i mixed up libcharon-extra-plugins & libstrongswan-extra-plugins
(had only the first one)
my tests are looking good so far.
chapoly & ntru are working as expected, great work!
the MOBIKE handling has much improved since
On Sun, Feb 14, 2016 at 2:12 AM, mrq1 wrote:
> thanks for the fast pace!
>
> > should be ready in a bit with the new plugin
>
> NOPE. still no chapoly & ntru plugin included
>
chapoly and ntru are part of libstrongswan-extra-plugins
>
> # ipsec statusall
> Status of IKE charon daemon (strongSw
On 2016-02-13 10:03 PM, Ryan Harper wrote:
> On Sat, Feb 13, 2016 at 7:51 PM, Simon Déziel <1535...@bugs.launchpad.net>
> wrote:
>
>> On 2016-02-13 05:09 PM, Ryan Harper wrote:
>>> On Sat, Feb 13, 2016 at 12:27 PM, mrq1 wrote:
>>>
great! starts now :-)
what about the chapoly plugin
looks good so far :-)
i think the kernel-libipsec plugin should not be loaded by default
the plugin works only with UDP encapsulated packets
(look here: https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-
libipsec)
and this will break most of the "normal"/LAN setups
i would build and
thanks for the fast pace!
> should be ready in a bit with the new plugin
NOPE. still no chapoly & ntru plugin included
# ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-4-generic, x86_64):
uptime: 10 minutes, since Feb 14 08:59:01 2016
malloc: sbrk 1650688, mmap 0,
On Sat, Feb 13, 2016 at 7:51 PM, Simon Déziel <1535...@bugs.launchpad.net>
wrote:
> On 2016-02-13 05:09 PM, Ryan Harper wrote:
> > On Sat, Feb 13, 2016 at 12:27 PM, mrq1 wrote:
> >
> >> great! starts now :-)
> >>
> >> what about the chapoly plugin? can you enable it in the extra package?
> >> it
On 2016-02-13 05:09 PM, Ryan Harper wrote:
> On Sat, Feb 13, 2016 at 12:27 PM, mrq1 wrote:
>
>> great! starts now :-)
>>
>> what about the chapoly plugin? can you enable it in the extra package?
>> it would be very important for me!
>>
>
> I can look at enabling it. It's new in 5.3.5.
+1
ChaC
Excellent! I had forgotten about that. I'll update.
On Sat, Feb 13, 2016 at 7:00 PM, Simon Déziel <1535...@bugs.launchpad.net>
wrote:
> On 2016-02-13 12:39 PM, Ryan Harper wrote:
> > The extra-plugins package need some more privs for the charon binary
> > in the apparmor profile.
>
> Ryan, plea
On 2016-02-13 12:39 PM, Ryan Harper wrote:
> The extra-plugins package need some more privs for the charon binary
> in the apparmor profile.
Ryan, please take a look at [1] for refreshed AA profiles that could
address many more LP bugs (all mentioned in debian/changelog). Thanks.
Regards,
Simon
** Bug watch added: Debian Bug tracker #803787
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1535951
Title:
Please merge strongswan 5.3.5-1
On Sat, Feb 13, 2016 at 12:27 PM, mrq1 wrote:
> great! starts now :-)
>
> what about the chapoly plugin? can you enable it in the extra package?
> it would be very important for me!
>
I can look at enabling it. It's new in 5.3.5. If enabled, can you test
and confirm it works?
Looks like someth
great! starts now :-)
what about the chapoly plugin? can you enable it in the extra package?
it would be very important for me!
btw: the output of service looks strange to me
# service strongswan status
● strongswan.service - strongSwan IPsec services
Loaded: loaded (/lib/systemd/system/stron
Ah, yes. I've a fix for that; I hadn't pushed my latest update in to the
ppa. The extra-plugins package need some more privs for the charon binary
in the apparmor profile.
Look for 1ubuntu5 in the ppa in just a bit and see if that fixes up the
issue with the extras plugins.
On Sat, Feb 13, 20
the startup segfault disappears if a purge the extra-plugin package but
NOT if i only remove it :-O
maybe the bug comes with one of the dependency packages?
Feb 13 17:31:24 kvm-xenial charon: 00[LIB] loaded plugins: charon test-vectors
aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation const
hi
i used your ppa .. looks great with the default plugin package
but with the extra plugins:
Feb 13 17:22:28 kvm-xenial charon: 00[CFG] mediation client database URI not
defined, skipped
Feb 13 17:22:28 kvm-xenial charon: 00[CFG] no threshold configured for
systime-fix, disabled
Feb 13 17:22:
Yes, quite close. I'll handle the FFE if needed but I feel on-track.
I'm preparing the merge debdiff for review.
Threads:
https://lists.ubuntu.com/archives/ubuntu-devel/2016-January/039144.html
https://lists.ubuntu.com/archives/ubuntu-devel/2016-February/039201.html
Please give the test-package
There is a thread on Ubuntu-devel
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1535951
Title:
Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
To manage notifications about this
is there any progress on this issue?
FeatureFreeze & DebianImportFreeze are getting close :-/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1535951
Title:
Please merge strongswan 5.3.5-1 (main) fro
** Attachment removed: "Refreshed logcheck rules"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4558391/+files/strongswan.logcheck
** Attachment added: "Refreshed logcheck rules"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4
** Attachment removed: "Refreshed logcheck rules"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4558011/+files/strongswan.logcheck
** Attachment added: "Refreshed logcheck rules"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4
The attached logcheck rules should cover all the normal logs generated
by Strongswan using the stock default config. If Debian integrates this
ruleset, bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787156
could be closed.
** Bug watch added: Debian Bug tracker #787156
http://bugs.debian
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: strongswan (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1535951
Title:
34 matches
Mail list logo
