strongswan: enable charon-systemd #21872
@basvandijk, thanks for your PR! By analyzing the history of the files in this pull request, we identified @FPtje, @ip1981 and @zimbatm to be potential reviewers.
Please find real reason :) Until then you can override strongswan for your deployment.
@ip1981 configurations written in the old format cannot load on boot because some daemon isn't ready yet and because the old method (the I mean another solution could be to change the service to make sure charon is loaded first, but it would be putting effort into fixing something that's outdated anyway. Strongswan clearly wants people to use the new swanctl.
When did this start happening? I had been running strongswan for a long time without issues.
@ip1981 it appears StrongSwan-5.2.0 started recommending swanctl and the vici plugin. See the second and third point in the release notes: https://wiki.strongswan.org/versions/52 With regards to the PR do note that the existing StrongSwan tools and NixOS module are unaffected by this commit. The only thing this commit does is fixing the broken It should be safe to merge.
Ok, then. Though systemd as a dependency is a trigger :D
:) Of course I could make the systemd support optional with a
@basvandijk, thanks a lot for this. Do you have a systemd.services derivation for the daemon?
@unlmtd not yet but I actually just started working on a NixOS module for charon-systemd. I don't have a lot of time to work on it the coming two weeks so expect a PR in about three weeks.
I have trouble getting my StrongSwan VPN to start reliably. My issue is described in detail on the StrongSwan mailing list:
https://lists.strongswan.org/pipermail/users/2017-January/010359.html
The proposed solution is to switch from the `charon` daemon and the `ipsec` tool to `charon-systemd` and the `swanctl` tool. This patch adds support for `charon-systemd` and makes sure that `swanctl` reads its configuration files from `/etc/swanctl` instead of from `$out/etc/swanctl`, which is in the unmodifiable nix store.
I hope to add a subsequent patch with a corresponding NixOS module.
Also see: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
It would be really ideal if this and the last two commits on `strongswan/default.nix` (namely: c38b4da and 9c61571) could be merged in `release-16.09`.