[Swan] Please review: docuemntation of openswan to libreswan migration

Tony Whyman tony.whyman at mccallumwhyman.com
Thu Dec 10 10:35:11 UTC 2015

Supplementing my original point - I've gone through the notes I made 
when converting from Ubuntu/Openswan to Libreswan and, apart from the 
NSS issue, it was generally very straightforward, especially for a 
"standard" VPN type configuration. The only other issue of note comes 
from building Libreswan as deb packages and installing from .deb files.

In this case, Libreswan was installed (under Ubuntu) as an upstart job 
while Openswan had been a System V Init script install. This caused some 
initial confusion as /etc/init.d/ipsec had for some reason not been 
removed when the Libreswan package was installed (I used my own 
repository and apt-get).

I was also used to controlling pluto by using commands such as 
"/etc/init.d/ipsec restart" when the VPN needed to be kicked back into 
life. With Libreswan, I need to use "ipsec restart" instead.

It's these small differences that, in practice, affect the user much 
more than the build time parameter changes.


On 09/12/15 23:07, Tom Robinson wrote:
> On 10/12/15 02:03, Tony Whyman wrote:
>> Thus my feedback is that the removal of the X.509 file support and the need to understand how to use
>> NSS should be right up front together with the link to the NSS page.
> I also found this to be the most challenging thing when migrating in the last few months.
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151210/61407d65/attachment-0001.html>

More information about the Swan mailing list