[Swan] Please review: docuemntation of openswan to libreswan migration

Paul Wouters paul at nohats.ca
Fri Dec 11 19:30:01 UTC 2015

On Thu, 10 Dec 2015, Tony Whyman wrote:

> Supplementing my original point - I've gone through the notes I made when converting from Ubuntu/Openswan to Libreswan and, apart
> from the NSS issue, it was generally very straightforward, especially for a "standard" VPN type configuration. The only other issue
> of note comes from building Libreswan as deb packages and installing from .deb files.

We've made many changed in the debian/ directory in the last few months.

> In this case, Libreswan was installed (under Ubuntu) as an upstart job while Openswan had been a System V Init script install. This
> caused some initial confusion as /etc/init.d/ipsec had for some reason not been removed when the Libreswan package was installed (I
> used my own repository and apt-get).

Ahh. Added a warning for that to the migration page. Thanks!

> I was also used to controlling pluto by using commands such as "/etc/init.d/ipsec restart" when the VPN needed to be kicked back
> into life. With Libreswan, I need to use "ipsec restart" instead.

Technically, you can use the init system commands. So "service" for sysv
and "systemctl" for systemd. However, we do support automatic
redirection using the "ipsec" command, so ipsec "start|stop|restart"
will always work (we are that old - we predated the "service" command
and did not want to use /etc/init.d/ipsec or /etc/rc.3.d/ipsec and so
"ipsec setup start|stop|restart" was a wrapper for that. A long time ago
we made the "setup" keyword optional.

> It's these small differences that, in practice, affect the user much more than the build time parameter changes.

Yes, those are more hints for developers that build their own appliance.


More information about the Swan mailing list