[Swan-dev] Comments/Suggestions for Libreswan Documentation

Andrew Cagney andrew.cagney at gmail.com
Tue Dec 19 18:58:10 EET 2023 

FYI,

The documentation has been given a slight refresh, hopefully
addressing the points you made below.
As for debian and xml, if the problem is still there can you file a bug.

Andrew

On Wed, 13 Sept 2023 at 15:56, Bill Atwood <williamatwood41 at gmail.com> wrote:
>
> Applicable to version 4.12 tarball
>
> In README.md
>
> 1. For Debian/Ubuntu, the list of packages required includes "xmlto",
> which installs 95 packages, requiring 726 MB.  Is it really necessary to
> install all of these?  It seems unlikely to me that Libreswan needs a
> complete TeX system, for example.  It seems possible (from other
> reading) that this requirement is only necessary if the man pages are
> being built.  However, attempting to do "make base" when xmlto has not
> been installed results in an error message.  Is there a way to satisfy
> the needs of a base-only install, without installing all of xmlto?  If
> this is so, a note to this effect, or a revised makefile and
> instructions, would be useful.


> 2. Under the heading "Building for DEB based systems", the first line
> starts "The packaging/Debian directly is used".  The word "directly"
> should be "directory".  (Note that this error was reported previously
> (on 2023-08-06), and the README.md file on the GitHub site has been
> fixed, but this fix appears not to have propagated to the 4.12 tarball.)
>
> 3. Under the heading "Compiling the userland and IKE daemon manually in
> /usr/local", the first line is "make programs", which returns an error
> message:
>      "make: *** No rule to make target 'programs'.  Stop."
>
> (Note: the INSTALL file in the same directory suggests "make all".)
>
> In man ipsec.conf(5)
>
> 4. In the section "CONN PARAMETERS: GENERAL", under the parameter
> "left", it explicitly says that "IPv4 and IPv6 IP addresses are
> supported".  However, I can find no IPv6 addresses in *any* of the examples.
>
> 5. Under the parameter "left", it says, " The value can also contain the
> interface name, which will then later be used to obtain the IP address
> from to fill in.  For example %ppp0."  For IPv6, which address will be
> used?  An IPv6 interface will typically have several valid addresses.
>
> 6. More importantly, if the user needs to specify an IPv6 Link-Local
> (LL) address, the interface name MUST also be given, because IPv6 LL
> addresses are unique only on a single medium, and it is not possible to
> tell which interface to use from the IPv6 address itself.  (A typical
> IPv6 LL address would be specified as fe80::xxxx:xxxx:xxxx:xxxx%eno1.
> This is going to conflict with the present semantics for %eno1.)
>
> 7. Under the parameter "leftsubnet" (and others later on), it says "any
> form acceptable to ipsec_ttosubnet(3)".  However, when I do "man
> ipsec_ttosubnet", on a system where the "man" pages have been installed,
> I am told that there is " No manual entry for ipsec_ttosubnet".
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

More information about the Swan-dev mailing list