On Mon, Feb 24, 2025 at 12:50:35PM +0000, Douglas Kosovic wrote: > Hi Jongmin, > > Thanks for the bug report. > > > Although I do not have full context of this package, I suggest fixing the > > issue by trying one of these: > > > > 1. Explicitly depends on "strongswan-starter" instead of "strongswan" > > 2. Switch to use "strongswan-swanctl" (although I am not entirely know how > > this package does) > > With option 1, looks like more than strongswan-starter is required > ,strongswan-charon is definitely > required also, possibly more, maybe all of the dependencies of the old > strongswan meta-package, > still looking into it. > > Option 2 isn't really an option as the network-manager-l2tp code would need > to be modified to use > the newer style swanctl config file syntax and commands that are far removed > from libreswan > which this VPN plugin is also compatible with. If I were to write new code, > would probably use > the strongswan API to establish the VPN connection rather than rely on > command-line tools > and config files. > Hey, strongSwan maintainer here.
Sorry for breaking your use case, I didn't really check the reverse dependencies of the strongswan metapackage (to be honest that metapackage was mostly intended for end-users, not packagers). I think the longterm road is indeed for nm-l2tp to migrate to either using the VICI interface (to control the charon-systemd daemon like swanctl(8) does) or maybe to coordinate with network-manager-strongswan and talk to the charon-nm daemon (in the strongswan-nm package) over D-Bus. Short term, nm-l2tp needs to depends on the packages it actually uses. The charon daemon itself is in the strongswan-charon package, while the strongswan-starter package provides the ipsec(8) command reading the ipsec.conf to control the daemon through the stroke plugin. If you need both, then depends on both. Regards, -- Yves-Alexis
