Monday, 25 January 2016

Re: Strongswan merge for Xenial

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJWpm+mXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1NjVDMzc0QUZCQUQyRkM2MjBDNkMxQkI3
MkZFMERBRTkwMEIyQzM0AAoJEHL+Da6QCyw0pHgP/3umHwqYwLu7skNx2jvuwJKL
gw4Jzxl/3OFA0SIQGGT/Ye3LqQAxn+J4Njg5+GzifE4c1JGNk5yUQPneUCrzFvuf
nf/jhKq+rKlAV/zBwFSTG/k/EwUYC4eCx16vbGY6QWykug0RBB4HDngnYnmid6gL
HChu8bFWMOE17LXaQYd6i4ZhgKO3ID06iIWo4Z9pFe6bMjs+P0GvzVQCxHCZpsSq
mW5eqKYD3+OJi+nbPxbjZyLIfiX3OLzYlL7DcX7R+zsLADLgKKVbwOgFQMsiGgsx
RL+11QV3NlHDm+EwPz6TjXfWFbpRcBo+RMKZuG/9lTds+ZvoUviGXGuO6mJrEQ6h
dIePGF7SogyfZiMJgpbUwfM+jZTfH1U0s4KvZKOg8aK+Ib8ZUqB3sqGuXebB3BTf
XXG+OquAHW1plpJb8QpqkLLAK2ho1fOhCs8FuvMgfJ2mgZ+ysZ7NgV1j7uRVBB4G
kRPMPzdE/58s5DNlYfTZd4CCN6Dsmc6feCRjb8B5BawKJbGMHmJHcpsPA0sWTe3q
fi1MYWOnZiqx2O2GyhqyK2zQuW4AcKh2Q46MUfA4l44fKHh1079uExJOf5SoJqNa
2mSpbw7Ubx5ENNFJa3FknKcKGQSvxmxXpAGzBJJvATjEMA9a2c5lEbpkaxbqWo6B
gW3pIPHm+vPJLh8ZaSZg
=6lQM
-----END PGP SIGNATURE-----
On 2016-01-25 09:49 AM, Ryan Harper wrote:
> On Sun, Jan 24, 2016 at 9:38 PM, Simon Deziel <[email protected]
> <mailto:[email protected]>> wrote:
> > The remaining work items are:
> > - Adding in transitional virtual Packages for upgrade from 5.1.2-0ubuntu8
> > - Testing package upgrade
>
> I upgraded one system so far and it went well.
>
>
> OK. Do you have any of the plugins installed?

Only strongswan-plugin-openssl which was replaced by
libstrongswan-standard-plugins as it should.

I have another system using strongswan-plugin-xauth-generic that I could
upgrade if you like.

> > - Other Removals from Debian
> > *logcheck* files (not relevant to StrongSwan per jpds)
>
> The logcheck files are really dated (see debian #787156) and I've
> accumulated a few rules on my own. Even at the default log level charon
> is very verbose so I think it makes sense to have the package shipping
> logcheck rules. I'd be happy to provided those.
>
>
> Yes please.

Will do.

> > - dropped Debian's enabling IKEv1 and v2 by default?

As discussed on IRC, this was related to adding charonstart=yes to
/etc/ipsec.conf. Since this has been the default since version 5.0.0,
it's OK to drop it IMHO.


Regards,
Simon