[Swan] Please review: docuemntation of openswan to libreswan migration
tony.whyman at mccallumwhyman.com
Wed Dec 9 15:03:57 UTC 2015
Some very quick feedback.
I migrated our systems earlier this year from Openswan on Ubuntu to
Libreswan. Coming from this background the big issue was NSS. All the
Ubuntu systems were set up with X.509 certificates and private keys in
separate files and suddenly there was a need for know about this weird
thing called NSS and, before that, why doesn't Libreswan recognise my
existing certificates etc.
Hence, the first thing I looked for on the HowTo was a big upfront
warning about the change to NSS. There is some text on this later on,
but it is easy to miss the significance of this and, where are the links
to the wiki page on NSS - which would be so useful for someone coming
from this background.
Thus my feedback is that the removal of the X.509 file support and the
need to understand how to use NSS should be right up front together with
the link to the NSS page.
On 09/12/15 14:45, Paul Wouters wrote:
> I've expanded the openswan migration document to contain a lot more
> information about possible changed behaviour and manual changes needed
> for a smooth migration from openswan to libreswan.
> If you have done this migration, it would be great if you could have a
> look at the document and tell me if you ran into anything that isn't
> mentioned on this page:
> Note that this mostly talks about openswan -> libreswan-3.15+
> Some people have found issues in migrating with earlier libreswan
> versions, which we have addressed since then.
> The reason I did the write up is to better support those running
> RHEL6 that are going to migrate from openswan to libreswan voluntarily
> in RHEL-6.7 (using the Extras channel), or when forced to migrate in
> Swan mailing list
> Swan at lists.libreswan.org
More information about the Swan