Hi,

> Please enable the ‘duplicheck’ plugin.  This plugin is a more
> specialized form of the ‘uniqueids’ feature for detecting duplicate
> identities.  This plugin is marked as stable according to the
> PluginList¹ wiki and doesn't require any additional build dependencies.

I'm not sure if it's a good idea to enable this plugin.  As Gerald says
it is a very specialized check for duplicate SAs.  Well, perhaps not the
check itself, but certainly the behavior once a duplicate is found.

The problem is that if a duplicate is detected by this plugin, if the
old IKE_SA is still alive, you'll end up with no SA at all.  I guess
that's not what most users expect.  This problem gets worse because the
plugin is enabled by default:

> You may want to add charon.plugins.duplicheck.enable = no to
> strongswan.conf since this plugin is enabled by default.

This is reasonable but will not help users that upgrade an existing
installation for which they already have created a strongswan.conf file.

Granted, enabling plugins like these by default (there are others that
are enabled when loaded) was not a very good idea.  In particular
because we still have no decent way yet to enable/disable plugins in a
more dynamic fashion (something like Apache's a2enmod perhaps).  It
would be great if there was a way to ship all plugins but let users
enable them on demand (charon.load does not work very well for this).

We actually considered just changing the defaults for the .enable
options of all plugins to "no" with 5.1.0, which at least would allow
shipping all plugins.  But it would also require many users to update
their strongswan.conf and enable plugins manually after upgrading.  Not
sure if that's any better.  What is the package maintainer's point of
view on this?

Regards,
Tobias

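The upgrade concern raised in the message above (an existing strongswan.conf that never mentions the plugin), as an added example that is not part of the original mail or of strongSwan: a small audit that reports whether charon.plugins.duplicheck.enable is set explicitly. The parser is a simplified one written for this example, the sample files are constructed, and the accepted boolean spellings are an assumption.

```python
import re

# Simplified reader for strongswan.conf nesting ("name { key = value }").
# Assumptions: no "include" lines, no '#', '{' or '}' inside quoted values.
TOKEN = re.compile(r'\{|\}|[^\s{}=]+[ \t]*=[^\n{}]*|[^\s{}]+')
# Assumed boolean spellings for .enable options.
TRUE, FALSE = {'1', 'yes', 'true', 'enabled'}, {'0', 'no', 'false', 'disabled'}

def parse_settings(text):
    """Return {dotted.path: value} for every 'key = value' in the text."""
    text = re.sub(r'#[^\n]*', '', text)            # drop comments
    settings, path, pending = {}, [], None
    for tok in TOKEN.findall(text):
        if tok == '{':
            path.append(pending or '?')            # open the named section
            pending = None
        elif tok == '}':
            if path:
                path.pop()
        elif '=' in tok:
            key, value = tok.split('=', 1)
            settings['.'.join(path + [key.strip()])] = value.strip().strip('"')
        else:
            pending = tok                          # section name awaiting '{'
    return settings

def duplicheck_state(text):
    """'enabled'/'disabled' if set explicitly, else 'implicit-default'."""
    value = parse_settings(text).get('charon.plugins.duplicheck.enable', '')
    if value.lower() in FALSE:
        return 'disabled'
    if value.lower() in TRUE:
        return 'enabled'
    return 'implicit-default'   # per the mail: active once the plugin is loaded

# Constructed sample: a file an admin wrote before the plugin was packaged.
UPGRADED = """
charon {
    threads = 16
    plugins {
        sql { loglevel = -1 }
    }
}
"""
# Constructed sample: the same file with the override from the bug report.
OVERRIDDEN = UPGRADED.replace(
    'sql {', 'duplicheck { enable = no }  # explicit override\n        sql {')

if __name__ == '__main__':
    for name, conf in (('upgraded', UPGRADED), ('overridden', OVERRIDDEN)):
        print(name, duplicheck_state(conf))
```

A result of `implicit-default` marks the installations the mail is worried about: the file exists, so a newly shipped default is not applied, and nothing in it turns the plugin off.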