[Swan] Please review: docuemntation of openswan to libreswan migration
Tony Whyman
tony.whyman at mccallumwhyman.com
Thu Dec 10 10:35:11 UTC 2015
Supplementing my original point - I've gone through the notes I made
when converting from Ubuntu/Openswan to Libreswan and, apart from the
NSS issue, it was generally very straightforward, especially for a
"standard" VPN type configuration. The only other issue of note comes
from building Libreswan as deb packages and installing from .deb files.
In this case, Libreswan was installed (under Ubuntu) as an upstart job
while Openswan had been a System V Init script install. This caused some
initial confusion as /etc/init.d/ipsec had for some reason not been
removed when the Libreswan package was installed (I used my own
repository and apt-get).
I was also used to controlling pluto by using commands such as
"/etc/init.d/ipsec restart" when the VPN needed to be kicked back into
life. With Libreswan, I need to use "ipsec restart" instead.
It's these small differences that, in practice, affect the user much
more than the build time parameter changes.
Tony
On 09/12/15 23:07, Tom Robinson wrote:
> On 10/12/15 02:03, Tony Whyman wrote:
>> Thus my feedback is that the removal of the X.509 file support and the need to understand how to use
>> NSS should be right up front together with the link to the NSS page.
> I also found this to be the most challenging thing when migrating in the last few months.
>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151210/61407d65/attachment-0001.html>
More information about the Swan
mailing list