On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <tempusfugit...@gmail.com> wrote:
> great! starts now :-) > > what about the chapoly plugin? can you enable it in the extra package? > it would be very important for me! > I can look at enabling it. It's new in 5.3.5. If enabled, can you test and confirm it works? Looks like something quite interesting. https://en.wikipedia.org/wiki/Poly1305 Comments here in the Debian bug indicate that this requires at least 4.2 kernel. For Xenial, this will be sufficient I suppose. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787 > > btw: the output of service looks strange to me > > # service strongswan status > ● strongswan.service - strongSwan IPsec services > Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor > preset: enabled) > Active: inactive (dead) since Sat 2016-02-13 19:22:46 CET; 42s ago > Process: 25807 ExecStopPost=/bin/rm -f /var/run/charon.pid > /var/run/starter.charon.pid (code=exited, status=0/SUCCESS) > Process: 25789 ExecStop=/usr/sbin/ipsec stop (code=exited, > status=0/SUCCESS) > Main PID: 25643 (code=exited, status=0/SUCCESS) > That looks like from the initial install; You may need to reload the new apparmor policy apparmor_parser -r /etc/apparmor.d/usr.lib.ipsec.charon And then you can restart it with: systemctl restart strongswan and check status systemctl status strongswan > > looks like the service is not running anymore but via > # ipsec statusall > everything looks ok > > is the some systemd-integration-magic missing? > I'm not sure what ipsec statusall invokes to check status. In an up-to-date Xenial VM, installing the current packages in the PPA, I get the following: # systemctl status strongswan ● strongswan.service - strongSwan IPsec services Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2016-02-13 21:50:59 UTC; 18s ago Main PID: 2798 (starter) CGroup: /system.slice/strongswan.service ├─2798 /usr/lib/ipsec/starter --daemon charon └─2799 /usr/lib/ipsec/charon --use-syslog Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading ocsp signer certificates from '/...ts' Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading attribute certificates from '/et...ts' Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading crls from '/etc/ipsec.d/crls' Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading secrets from '/etc/ipsec.secrets' Feb 13 21:50:59 sw1 charon[2799]: 00[LIB] loaded plugins: charon test-vectors aes ...own Feb 13 21:50:59 sw1 charon[2799]: 00[LIB] dropped capabilities, running as uid 0, gid 0 Feb 13 21:50:59 sw1 charon[2799]: 00[JOB] spawning 16 worker threads Feb 13 21:50:59 sw1 ipsec_starter[2798]: charon (2799) started after 20 ms Feb 13 21:50:59 sw1 systemd[1]: Started strongSwan IPsec services. Feb 13 21:51:00 sw1 systemd[1]: Started strongSwan IPsec services. Hint: Some lines were ellipsized, use -l to show in full. root@sw1:~# root@sw1:~# ipsec statusall Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-4-generic, x86_64): uptime: 30 seconds, since Feb 13 21:51:00 2016 malloc: sbrk 946176, mmap 0, used 229008, free 717168 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0 loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown Listening IP addresses: 192.168.122.147 10.0.3.1 Connections: Security Associations (0 up, 0 connecting): none > > thanks! > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1535951 > > Title: > Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs