> It appears that upstream 1.3.1+ plugin requires "Strong" secrets

The bug report referenced relates that the decision to not support PSK
(or IKEv1) in the StrongSwan NM plugin is a "political decision". In
2010.

It's still a dumb one. Even today in 2017 my IT dept has set up their
VPN with IKEv1 and an 18-char PSK. Which means I can't even use the
command-line version of StrongSwan because the "political decision" is
baked into the VPN daemon.

By all means make it impossible for your SERVER to have a stupid config,
but clients rarely have a choice over the setup they're connecting to.
Conversely the No.1 complaint I hear about StrongSwan server is that
it's hard to set up - I concur, having had to do it myself. But that's
by the by here.

This means there is currently _no_ NetworkManager VPN client for Ubuntu
that supports IKEv1 ; you have to resort to the Shrewsoft client, which
doesn't play well with other clients, doesn't play well with
NetworkManager or it's captive dnsmasq instance.

Is it useful to continue to use the output of a project that allows
"political decisions" to get in the way of actually being useful to the
greatest number of users?

I would argue that the choice of StrongSwan over LibreSwan here is
harming adoption of Ubuntu in the enterprise (presuming, that is, that
LibreSwan has no such political opinions baked into it and you can
actually use it's NM plugin to connect to most VPNs). If LibreSwan is
good enough for RedHat and the GNOME team maintain a NM plugin for it
(as they do), would that not be a better choice for Ubuntu?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578193

Title:
  cannot load legacy-only plugin

To manage notifications about this bug go to:
https://bugs.launchpad.net/linuxmint/+bug/1578193/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to