The proposed package is available here: https://launchpad.net/~lucaskanashiro/+archive/ubuntu/focal-strongswan- bug-fixes
I performed the test above to check if both plugins are installed again and also if the old conf files were removed: [in the same container I was using to describe the Test Case section in the description] $ add-apt-repository ppa:lucaskanashiro/focal-strongswan-bug-fixes -y $ apt install strongswan libcharon-extra-plugins -y $ dpkg -L libcharon-extra-plugins | grep eap-dynamic /etc/strongswan.d/charon/eap-dynamic.conf /usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so /usr/share/strongswan/templates/config/plugins/eap-dynamic.conf $ dpkg -L libcharon-extra-plugins | grep eap-peap /etc/strongswan.d/charon/eap-peap.conf /usr/lib/ipsec/plugins/libstrongswan-eap-peap.so /usr/share/strongswan/templates/config/plugins/eap-peap.conf # List all the EAP plugins available in the proposed libcharon-extra-plugins. Now there is no old conf file at the end of the output $ dpkg -L libcharon-extra-plugins | grep eap /etc/strongswan.d/charon/eap-aka.conf /etc/strongswan.d/charon/eap-dynamic.conf /etc/strongswan.d/charon/eap-gtc.conf /etc/strongswan.d/charon/eap-identity.conf /etc/strongswan.d/charon/eap-md5.conf /etc/strongswan.d/charon/eap-peap.conf /etc/strongswan.d/charon/eap-radius.conf /etc/strongswan.d/charon/eap-tls.conf /etc/strongswan.d/charon/eap-tnc.conf /etc/strongswan.d/charon/eap-ttls.conf /etc/strongswan.d/charon/xauth-eap.conf /usr/lib/ipsec/plugins/libstrongswan-eap-aka.so /usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so /usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so /usr/lib/ipsec/plugins/libstrongswan-eap-identity.so /usr/lib/ipsec/plugins/libstrongswan-eap-md5.so /usr/lib/ipsec/plugins/libstrongswan-eap-peap.so /usr/lib/ipsec/plugins/libstrongswan-eap-radius.so /usr/lib/ipsec/plugins/libstrongswan-eap-tls.so /usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so /usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so /usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so /usr/share/strongswan/templates/config/plugins/eap-aka.conf /usr/share/strongswan/templates/config/plugins/eap-dynamic.conf /usr/share/strongswan/templates/config/plugins/eap-gtc.conf /usr/share/strongswan/templates/config/plugins/eap-identity.conf /usr/share/strongswan/templates/config/plugins/eap-md5.conf /usr/share/strongswan/templates/config/plugins/eap-peap.conf /usr/share/strongswan/templates/config/plugins/eap-radius.conf /usr/share/strongswan/templates/config/plugins/eap-tls.conf /usr/share/strongswan/templates/config/plugins/eap-tnc.conf /usr/share/strongswan/templates/config/plugins/eap-ttls.conf /usr/share/strongswan/templates/config/plugins/xauth-eap.conf ** Description changed: + [Impact] + + Some libcharon EAP plugins were removed since version 5.8.0-2 by the + Debian maintainer in order to keep only the essential plugins, reducing + the complexity. So users upgrading from Bionic (5.6.2-1ubuntu2.5) to + Focal (5.8.2-1ubuntu3) will find some missing plugins. The problem is + that many users rely on some of the removed plugins, and it might be + considered as a regression for them when upgrading to Focal. + + After a nice explanation from Tobias (upstream maintainer) on comment #4 + of this bug we decided to enable again 2 of those removed plugins, they + are: eap-dynamic and eap-peap. In short, the eap-dynamic plugin allows + clients to select an alternative EAP method when the chosen one is not + available; and the eap-peap is still widely used mainly because it is + what Microsoft implements (not just it but most of the clients support + it), EAP-PEAP is often used in conjunction with EAP-MSCHAPv2 to + authenticate in Wifi networks for instance and use it for VPNs allows + users to reuse the existent infrastructure. + + And to avoid any confusion we are also removing the configuration files + from the other plugins removed since 5.8.0-2. They are not used anymore + but they are still there. + + [Test Case] + + $ lxc launch ubuntu-daily:bionic strongswan-sru + $ lxc shell strongswan-sru + $ apt update && apt upgrade -y + $ apt install strongswan libcharon-extra-plugins -y + + $ dpkg -L libcharon-extra-plugins | grep eap-dynamic + /etc/strongswan.d/charon/eap-dynamic.conf + /usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so + /usr/share/strongswan/templates/config/plugins/eap-dynamic.conf + + $ dpkg -L libcharon-extra-plugins | grep eap-peap + /etc/strongswan.d/charon/eap-peap.conf + /usr/lib/ipsec/plugins/libstrongswan-eap-peap.so + /usr/share/strongswan/templates/config/plugins/eap-peap.conf + + # Upgrade to Focal + $ do-release-upgrade + + # Note the conf file was not removed by the upgrade even after the plugin was disabled + $ dpkg -L libcharon-extra-plugins | grep eap-dynamic + /etc/strongswan.d/charon/eap-dynamic.conf + + # Note the conf file was not removed by the upgrade even after the plugin was disabled + $ dpkg -L libcharon-extra-plugins | grep eap-peap + /etc/strongswan.d/charon/eap-peap.conf + + # If you check for all the EAP plugins in libcharon-extra-plugins you can see those old conf files are still there even after the removal of the respective plugins + $ dpkg -L libcharon-extra-plugins | grep eap + /etc/strongswan.d/charon/eap-aka.conf + /etc/strongswan.d/charon/eap-gtc.conf + /etc/strongswan.d/charon/eap-identity.conf + /etc/strongswan.d/charon/eap-md5.conf + /etc/strongswan.d/charon/eap-radius.conf + /etc/strongswan.d/charon/eap-tls.conf + /etc/strongswan.d/charon/eap-tnc.conf + /etc/strongswan.d/charon/eap-ttls.conf + /etc/strongswan.d/charon/xauth-eap.conf + /usr/lib/ipsec/plugins/libstrongswan-eap-aka.so + /usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so + /usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so + /usr/lib/ipsec/plugins/libstrongswan-eap-identity.so + /usr/lib/ipsec/plugins/libstrongswan-eap-md5.so + /usr/lib/ipsec/plugins/libstrongswan-eap-radius.so + /usr/lib/ipsec/plugins/libstrongswan-eap-tls.so + /usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so + /usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so + /usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so + /usr/share/strongswan/templates/config/plugins/eap-aka.conf + /usr/share/strongswan/templates/config/plugins/eap-gtc.conf + /usr/share/strongswan/templates/config/plugins/eap-identity.conf + /usr/share/strongswan/templates/config/plugins/eap-md5.conf + /usr/share/strongswan/templates/config/plugins/eap-radius.conf + /usr/share/strongswan/templates/config/plugins/eap-tls.conf + /usr/share/strongswan/templates/config/plugins/eap-tnc.conf + /usr/share/strongswan/templates/config/plugins/eap-ttls.conf + /usr/share/strongswan/templates/config/plugins/xauth-eap.conf + /etc/strongswan.d/charon/eap-aka-3gpp2.conf + /etc/strongswan.d/charon/eap-dynamic.conf + /etc/strongswan.d/charon/eap-peap.conf + /etc/strongswan.d/charon/eap-sim-file.conf + /etc/strongswan.d/charon/eap-sim-pcsc.conf + /etc/strongswan.d/charon/eap-sim.conf + /etc/strongswan.d/charon/eap-simaka-pseudonym.conf + /etc/strongswan.d/charon/eap-simaka-reauth.conf + /etc/strongswan.d/charon/eap-simaka-sql.conf + + + [Regression Potential] + + The proposed changes affects the libcharon-extra-plugins binary package, + so if any non expected behavior is identified in it might be related to + this SRU. Some maintainer scripts were added to the libcharon-extra- + plugins, therefore if there is any issue during + installation/upgrade/removal/purge of this package might be triggered by + these changes. + + [Original Description] + Hello, As title says. Looks like the eap-peap plugin is not contained in libcharon-extra-plugins anymore. Ubuntu 18.04 has one, but Ubuntu 20.04 not. ** Summary changed: - No EAP-PEAP support anymore + [SRU] No EAP-PEAP support anymore -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1878887 Title: [SRU] No EAP-PEAP support anymore To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1878887/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
