Package: strongswan-starter
Version: 4.5.2-1.3
Severity: important

Hi,

I'm using strongswan with IKEv2 to set up an ipsec tunnel in a
roadwarrior config. I use the dns plugin to add the “home network” dns
server to the resolver config when I mount the tunnel.

This works fine, except that it breaks resolvconf. In resolvconf setups,
/etc/resolv.conf is a symlink to /etc/resolvconf/run/resolv.conf, which
is updated using resolvconf rules.

Strongswan, when adding a dns server in /etc/resolv.conf, seems to
remove the file and recreate it, thus not preserving the symlink.

The best would be to support resolvconf, but even if it's not possible,
it shouldn't mess with the file itself, and just add information where
needed.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages strongswan-starter depends on:
ii  debconf [debconf-2.0]  1.5.42
ii  libc6                  2.13-27
ii  libstrongswan          4.5.2-1.3
ii  strongswan-ikev2       4.5.2-1.3

strongswan-starter recommends no packages.

strongswan-starter suggests no packages.

-- Configuration Files:
/etc/ipsec.conf changed:
config setup
        # plutodebug=all
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        # nat_traversal=yes
        charonstart=yes
        plutostart=no
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
conn molly
        left=%defaultroute
        leftauth=psk
        rightauth=psk
        leftsourceip=%config
        right=78.192.68.46
        #rightsubnet=192.168.0.0/24
        rightsubnet=0.0.0.0/0
        auto=add
conn pass
        rightsubnet=192.168.24.0/24
        type=passthrough
        authby=never
        auto=route

/etc/ipsec.secrets [Errno 13] Permission denied: u'/etc/ipsec.secrets'

-- debconf information:
  strongswan/x509_self_signed: true
  strongswan/x509_country_code: AT
  strongswan/ikev1: true
  strongswan/x509_organization_name:
  strongswan/existing_x509_key_filename:
  strongswan/x509_state_name:
  strongswan/x509_organizational_unit:
  strongswan/how_to_get_x509_certificate: create
  strongswan/restart: true
  strongswan/x509_common_name:
  strongswan/ikev2: true
  strongswan/rsa_key_length: 2048
  strongswan/existing_x509_certificate_filename:
  strongswan/existing_x509_rootca_filename:
  strongswan/install_x509_certificate: false
  strongswan/x509_email_address:
  strongswan/enable-oe: false
  strongswan/runlevel_changes:
  strongswan/x509_locality_name:
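
The symlink loss described in the report can be reproduced in a scratch directory. This is an added example, not strongSwan code and not part of the original report; the function names, the sandbox layout and the documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sandbox: a temp directory stands in for /etc, nothing real is touched.

# make_sandbox DIR: resolv.conf is a symlink into a resolvconf-style run directory
make_sandbox() {
    mkdir -p "$1/resolvconf/run"
    printf 'nameserver 192.0.2.1\n' > "$1/resolvconf/run/resolv.conf"
    ln -s resolvconf/run/resolv.conf "$1/resolv.conf"
}

# add_dns_recreate FILE SERVER: remove the path and recreate it (the behaviour
# the report describes). rm deletes the symlink itself, so a regular file appears.
add_dns_recreate() {
    old=$(cat "$1")
    rm -f "$1"
    printf 'nameserver %s\n%s\n' "$2" "$old" > "$1"
}

# add_dns_in_place FILE SERVER: rewrite through the existing path. Opening the
# path for writing follows the symlink, so the link stays and its target changes.
add_dns_in_place() {
    old=$(cat "$1")
    printf 'nameserver %s\n%s\n' "$2" "$old" > "$1"
}

# path_kind FILE: what FILE itself is, without following a symlink
path_kind() {
    if [ -L "$1" ]; then echo symlink
    elif [ -f "$1" ]; then echo regular
    else echo missing; fi
}

# run_case STRATEGY: apply one strategy in a fresh sandbox and report the path
# type plus the nameserver count seen via resolv.conf and in the managed file
run_case() {
    dir=$(mktemp -d) || return 1
    make_sandbox "$dir"
    "$1" "$dir/resolv.conf" 198.51.100.53
    kind=$(path_kind "$dir/resolv.conf")
    visible=$(grep -c '^nameserver ' "$dir/resolv.conf")
    managed=$(grep -c '^nameserver ' "$dir/resolvconf/run/resolv.conf")
    rm -rf "$dir"
    echo "$kind visible=$visible managed=$managed"
}

run_case add_dns_recreate   # regular visible=2 managed=1
run_case add_dns_in_place   # symlink visible=2 managed=2
```

After the recreate strategy the managed file and the file the resolver reads have diverged, so later resolvconf updates no longer reach `/etc/resolv.conf`. The in-place write keeps the link, but resolvconf regenerates its run file on its next update, which is why the report asks for resolvconf support first.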


