948306 – Default updown script name

Bug 948306 - Default updown script name

Summary: Default updown script name

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	strongswan
Sub Component:
Version:	18
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Nobody's working on this, feel free to take it
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-04-04 14:33 UTC by DaveG
Modified:	2020-11-05 10:04 UTC (History)
CC List:	2 users (show)
Fixed In Version:	strongswan-5.0.4-5.fc18
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-08-03 19:13:44 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description DaveG 2013-04-04 14:33:52 UTC

Description of problem:
I'm new to VPN and IPSec so I could be mistaken, but the strongswan package appears to operate as an alternative to ipsec-tools but maintains it's own filesystem names, e.g. "ipsec"=="strongswan".
The issue is with the default iptables up/down script invocation, which defaults to the command "ipsec _updown iptables" rather than "strongswan _updown iptables".

Version-Release number of selected component (if applicable):
strongswan-5.0.0-3.git20120619.fc18.x86_64

How reproducible:
Default configuration.

Steps to Reproduce:
1. Install strongswan as the sole VPN/IPSec.
2. Configure a VPN with leftfirewall=yes
3. "Up" the connection.
  
Actual results:
No firewall rules injected.

Expected results:
Firewall rules.

Additional info:
Can probably work around with explicit ipsec.conf setting 'leftupdown="strongswan _updown iptables"'.

Use "alternatives" to maintain symbolic links (/usr/sbin/strongswan --> ipsec)? Might make the documentation easier to navigate too. Could also handle /etc/strongswan/ipsec.d --> /etc/ipsec.d.

Modify the hard-coded default script definition in the source to use the value from 'configure'? - src/starter/confread.c, line 41:
+++
static const char firewall_defaults[] = "ipsec _updown iptables";
---

Comment 1 Jamie Nguyen 2013-07-15 07:47:47 UTC

I can confirm this happens for me too on latest package on F19 too:

strongswan-5.0.2-2.fc19

Comment 2 Fedora Update System 2013-07-16 12:19:37 UTC

strongswan-5.0.4-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.fc19

Comment 3 Fedora Update System 2013-07-16 12:22:47 UTC

strongswan-5.0.4-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.fc18

Comment 4 Fedora Update System 2013-07-16 12:26:38 UTC

strongswan-5.0.4-4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.el6

Comment 5 Fedora Update System 2013-07-16 19:05:40 UTC

Package strongswan-5.0.4-4.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing strongswan-5.0.4-4.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10866/strongswan-5.0.4-4.el6
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2013-07-25 07:08:45 UTC

strongswan-5.0.4-5.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-5.fc19

Comment 7 Fedora Update System 2013-07-25 07:09:50 UTC

strongswan-5.0.4-5.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-5.fc18

Comment 8 Fedora Update System 2013-08-03 19:13:44 UTC

strongswan-5.0.4-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2013-08-04 00:10:36 UTC

strongswan-5.0.4-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2013-08-04 00:12:16 UTC

strongswan-5.0.4-5.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.