Supplementing my original point - I've gone through the notes I made
when converting from Ubuntu/Openswan to Libreswan and, apart from the
NSS issue, it was generally very straightforward, especially for a
"standard" VPN type configuration. The only other issue of note comes
from building Libreswan as deb packages and installing from .deb files.
In this case, Libreswan was installed (under Ubuntu) as an upstart job
while Openswan had been a System V Init script install. This caused some
initial confusion as /etc/init.d/ipsec had for some reason not been
removed when the Libreswan package was installed (I used my own
repository and apt-get).
I was also used to controlling pluto by using commands such as
"/etc/init.d/ipsec restart" when the VPN needed to be kicked back into
life. With Libreswan, I need to use "ipsec restart" instead.
It's these small differences that, in practice, affect the user much
more than the build time parameter changes.
Tony
On 09/12/15 23:07, Tom Robinson wrote:
On 10/12/15 02:03, Tony Whyman wrote:
Thus my feedback is that the removal of the X.509 file support and the need to
understand how to use
NSS should be right up front together with the link to the NSS page.
I also found this to be the most challenging thing when migrating in the last
few months.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
