On Thu, 10 Dec 2015, Tony Whyman wrote:
Supplementing my original point - I've gone through the notes I made when converting from Ubuntu/Openswan to Libreswan and, apart from the NSS issue, it was generally very straightforward, especially for a "standard" VPN type configuration. The only other issue of note comes from building Libreswan as deb packages and installing from .deb files.
We've made many changed in the debian/ directory in the last few months.
In this case, Libreswan was installed (under Ubuntu) as an upstart job while Openswan had been a System V Init script install. This caused some initial confusion as /etc/init.d/ipsec had for some reason not been removed when the Libreswan package was installed (I used my own repository and apt-get).
Ahh. Added a warning for that to the migration page. Thanks!
I was also used to controlling pluto by using commands such as "/etc/init.d/ipsec restart" when the VPN needed to be kicked back into life. With Libreswan, I need to use "ipsec restart" instead.
Technically, you can use the init system commands. So "service" for sysv and "systemctl" for systemd. However, we do support automatic redirection using the "ipsec" command, so ipsec "start|stop|restart" will always work (we are that old - we predated the "service" command and did not want to use /etc/init.d/ipsec or /etc/rc.3.d/ipsec and so "ipsec setup start|stop|restart" was a wrapper for that. A long time ago we made the "setup" keyword optional.
It's these small differences that, in practice, affect the user much more than the build time parameter changes.
Yes, those are more hints for developers that build their own appliance. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
