Description of problem:
I'm new to VPN and IPSec so I could be mistaken, but the strongswan package appears to operate as an alternative to ipsec-tools but maintains it's own filesystem names, e.g. "ipsec"=="strongswan".
The issue is with the default iptables up/down script invocation, which defaults to the command "ipsec _updown iptables" rather than "strongswan _updown iptables".
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install strongswan as the sole VPN/IPSec.
2. Configure a VPN with leftfirewall=yes
3. "Up" the connection.
No firewall rules injected.
Can probably work around with explicit ipsec.conf setting 'leftupdown="strongswan _updown iptables"'.
Use "alternatives" to maintain symbolic links (/usr/sbin/strongswan --> ipsec)? Might make the documentation easier to navigate too. Could also handle /etc/strongswan/ipsec.d --> /etc/ipsec.d.
Modify the hard-coded default script definition in the source to use the value from 'configure'? - src/starter/confread.c, line 41:
static const char firewall_defaults = "ipsec _updown iptables";
I can confirm this happens for me too on latest package on F19 too:
strongswan-5.0.4-4.fc19 has been submitted as an update for Fedora 19.
strongswan-5.0.4-4.fc18 has been submitted as an update for Fedora 18.
strongswan-5.0.4-4.el6 has been submitted as an update for Fedora EPEL 6.
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing strongswan-5.0.4-4.el6'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
strongswan-5.0.4-5.fc19 has been submitted as an update for Fedora 19.
strongswan-5.0.4-5.fc18 has been submitted as an update for Fedora 18.
strongswan-5.0.4-4.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
strongswan-5.0.4-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
strongswan-5.0.4-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.