Package: strongswan-swanctl
Version: 5.5.1-4+deb9u4
Depends: libstrongswan (= 5.5.1-4+deb9u4), libc6 (>= 2.4)

Running on: Debian 9.6
Kernel: 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux
libc6 Version: 2.24-11+deb9u3

------------------------------------------------------------------------------------

Only the package `strongswan-starter` contains the `/usr/lib/ipsec/_updown` script for configuring `iptables`. If an installation uses `strongswan-swanctl` instead of the older starter/ipsec scripts, then the `_updown` script won't be installed. The script is used in the vici-based example configuration and my setup also fails to work without it, which suggests that it should be available.

A temporary fix is to install `strongswan-starter`, but that brings in a few dependencies and automatically starts `strongswan`, which needs to be stopped and disabled. This latter task seems to break currently running SAs, which requires `strongswan-swanctl` to be restarted. So it's not a perfect workaround.

The `_updown` script needs to be in a package that is common to all strongswan installations.