[Swan] Please review: docuemntation of openswan to libreswan migration

Tony Whyman tony.whyman at mccallumwhyman.com
Wed Dec 9 15:03:57 UTC 2015

Some very quick feedback.

I migrated our systems earlier this year from Openswan on Ubuntu to 
Libreswan. Coming from this background the big issue was NSS. All the 
Ubuntu systems were set up with X.509 certificates and private keys in 
separate files and suddenly there was a need for know about this weird 
thing called NSS and, before that, why doesn't Libreswan recognise my 
existing certificates etc.

Hence, the first thing I looked for on the HowTo was a big upfront 
warning about the change to NSS. There is some text on this later on, 
but it is easy to miss the significance of this and, where are the links 
to the wiki page on NSS - which would be so useful for someone coming 
from this background.

Thus my feedback is that the removal of the X.509 file support and the 
need to understand how to use NSS should be right up front together with 
the link to the NSS page.


Tony Whyman

On 09/12/15 14:45, Paul Wouters wrote:
> Hi,
> I've expanded the openswan migration document to contain a lot more
> information about possible changed behaviour and manual changes needed
> for a smooth migration from openswan to libreswan.
> If you have done this migration, it would be great if you could have a
> look at the document and tell me if you ran into anything that isn't
> mentioned on this page:
> https://libreswan.org/wiki/HOWTO:_openswan_to_libreswan_migration
> Note that this mostly talks about openswan -> libreswan-3.15+
> Some people have found issues in migrating with earlier libreswan
> versions, which we have addressed since then.
> The reason I did the write up is to better support those running
> RHEL6 that are going to migrate from openswan to libreswan voluntarily
> in RHEL-6.7 (using the Extras channel), or when forced to migrate in
> RHEL-6.8.
> Thanks!
> Paul
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

More information about the Swan mailing list