Bug 948306 - Default updown script name
Summary: Default updown script name
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: strongswan
Version: 18
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-04-04 14:33 UTC by DaveG
Modified: 2020-11-05 10:04 UTC (History)
2 users (show)

Fixed In Version: strongswan-5.0.4-5.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-03 19:13:44 UTC
Type: Bug


Attachments (Terms of Use)

Description DaveG 2013-04-04 14:33:52 UTC
Description of problem:
I'm new to VPN and IPSec so I could be mistaken, but the strongswan package appears to operate as an alternative to ipsec-tools but maintains it's own filesystem names, e.g. "ipsec"=="strongswan".
The issue is with the default iptables up/down script invocation, which defaults to the command "ipsec _updown iptables" rather than "strongswan _updown iptables".

Version-Release number of selected component (if applicable):
strongswan-5.0.0-3.git20120619.fc18.x86_64

How reproducible:
Default configuration.

Steps to Reproduce:
1. Install strongswan as the sole VPN/IPSec.
2. Configure a VPN with leftfirewall=yes
3. "Up" the connection.
  
Actual results:
No firewall rules injected.

Expected results:
Firewall rules.

Additional info:
Can probably work around with explicit ipsec.conf setting 'leftupdown="strongswan _updown iptables"'.

Use "alternatives" to maintain symbolic links (/usr/sbin/strongswan --> ipsec)? Might make the documentation easier to navigate too. Could also handle /etc/strongswan/ipsec.d --> /etc/ipsec.d.

Modify the hard-coded default script definition in the source to use the value from 'configure'? - src/starter/confread.c, line 41:
+++
static const char firewall_defaults[] = "ipsec _updown iptables";
---

Comment 1 Jamie Nguyen 2013-07-15 07:47:47 UTC
I can confirm this happens for me too on latest package on F19 too:

strongswan-5.0.2-2.fc19

Comment 2 Fedora Update System 2013-07-16 12:19:37 UTC
strongswan-5.0.4-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.fc19

Comment 3 Fedora Update System 2013-07-16 12:22:47 UTC
strongswan-5.0.4-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.fc18

Comment 4 Fedora Update System 2013-07-16 12:26:38 UTC
strongswan-5.0.4-4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-4.el6

Comment 5 Fedora Update System 2013-07-16 19:05:40 UTC
Package strongswan-5.0.4-4.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing strongswan-5.0.4-4.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10866/strongswan-5.0.4-4.el6
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2013-07-25 07:08:45 UTC
strongswan-5.0.4-5.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-5.fc19

Comment 7 Fedora Update System 2013-07-25 07:09:50 UTC
strongswan-5.0.4-5.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/strongswan-5.0.4-5.fc18

Comment 8 Fedora Update System 2013-08-03 19:13:44 UTC
strongswan-5.0.4-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2013-08-04 00:10:36 UTC
strongswan-5.0.4-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2013-08-04 00:12:16 UTC
strongswan-5.0.4-5.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.