-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, 2025-02-23 at 17:55 +0900, Jongmin Kim wrote: > When I run the command: "ipsec start", it fails to locate the necessary > binary. > > $ ipsec start > IKE daemon '/usr/lib/ipsec/charon' not found > > [...] > Please forgive me if I am mistaken, as I do not fully understand the > context of these packages.
Hi, thanks for the report, it's likely related to the packaging changes in 6.0.0-1/6.0.0-2 which made strongswan-swanctl and charon-systemd the default choices for strongswan metapackage. The NEWS entry should have alerted people about that but there might still be fallouts. The thing are a bit complicated in strongSwan to be honest. First we have multiple charon daemons: - - /usr/lib/ipsec/charon which is the historical charon daemon, controlled through the ipsec(8) command (in the strongswan-starter package) and the stroke plugin, configured via /etc/ipsec.conf and is in the strongswan-charon package - - /usr/sbin/charon-systemd which is a newer charon daemon, controled throught the swanctl(8) command (in the strongswan-swanctl package) and the VICI plugin, configured via /etc/swanctl.conf and is in the charon-systemd package - - /usr/sbin/charon-cmd which is a newer charon daemon intended to be used and configured directly from the command line and is in the charon-cmd package - - /usr/lib/ipsec/charon-nm which is intended to be used and controlled via network-manager and is in the strongswan-nm package strongswan-charon depended on strongswan-starter and I wrongly updated that dependency in 6.0.0-1 to strongswan-swanctl. I'll revert that in -3. In reverse, strongswan-starter Recommends: the strongswan-charon package because it doesn't really make sense to have the ipsec command and no daemon to control it. But obviously we can't have the two circular dependencies. I hope it's more clear for you (and the other people reading this bug report later on). As a side note and as indicated by the NEWS entry, you're still encouraged to migrate from the ipsec.conf (and ipsec(8) and /usr/lib/charon) to the swanct.conf way. Just pull the strongswan metapackage and you should be good to start the transition to the configuration. Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAme8LAUACgkQ3rYcyPpX RFtC9Af/V6/AB2vSz6gxRCNjh9mDk44Gp24soF9UsW11rZlSQxO+c+cIvgyrOCuJ dCpT8PX6wpW6anZriMJItABfzSQVptx0egQKoYEP8UxwYURpd1Q6+I6zxO+f5/Jd G4GhsOmT1xD87ZHQRg57lf/I7TwsposvZRdGtUkKaH0zmpeCCQxMQeDLrxKtDHcv YnCDgsRCiFyh16e4Icf/Kv946tHn8XXhcf9Xr9INXjQD4cgDdeZnw/3LSa3knzeP W6xwJ2lsDX591gWUefCkZ4TTiTVfWzjnvdyQx5R55oGdR3TL7anjJB0cfMERiio1 DGSQ2Dw9+IB21Vjg+iGTsqUDC6AOOA== =i+on -----END PGP SIGNATURE-----