Description of problem: I'm new to VPN and IPSec so I could be mistaken, but the strongswan package appears to operate as an alternative to ipsec-tools but maintains it's own filesystem names, e.g. "ipsec"=="strongswan". The issue is with the default iptables up/down script invocation, which defaults to the command "ipsec _updown iptables" rather than "strongswan _updown iptables". Version-Release number of selected component (if applicable): strongswan-5.0.0-3.git20120619.fc18.x86_64 How reproducible: Default configuration. Steps to Reproduce: 1. Install strongswan as the sole VPN/IPSec. 2. Configure a VPN with leftfirewall=yes 3. "Up" the connection. Actual results: No firewall rules injected. Expected results: Firewall rules. Additional info: Can probably work around with explicit ipsec.conf setting 'leftupdown="strongswan _updown iptables"'. Use "alternatives" to maintain symbolic links (/usr/sbin/strongswan --> ipsec)? Might make the documentation easier to navigate too. Could also handle /etc/strongswan/ipsec.d --> /etc/ipsec.d. Modify the hard-coded default script definition in the source to use the value from 'configure'? - src/starter/confread.c, line 41: +++ static const char firewall_defaults[] = "ipsec _updown iptables"; ---
I can confirm this happens for me too on latest package on F19 too: strongswan-5.0.2-2.fc19
strongswan-5.0.4-4.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.fc19
strongswan-5.0.4-4.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.fc18
strongswan-5.0.4-4.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.el6
Package strongswan-5.0.4-4.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing strongswan-5.0.4-4.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10866/strongswan-5.0.4-4.el6 then log in and leave karma (feedback).
strongswan-5.0.4-5.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/strongswan-5.0.4-5.fc19
strongswan-5.0.4-5.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/strongswan-5.0.4-5.fc18
strongswan-5.0.4-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
strongswan-5.0.4-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
strongswan-5.0.4-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.