Comment 12 for bug 1535951

Ryan Harper (raharper) wrote : Re: [Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)

On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <email address hidden> wrote:

> great! starts now :-)
>
> what about the chapoly plugin? can you enable it in the extra package?
> it would be very important for me!
>

I can look at enabling it. It's new in 5.3.5. If enabled, can you test
and confirm it works?
Looks like something quite interesting.
https://en.wikipedia.org/wiki/Poly1305

Comments here in the Debian bug indicate that this requires at least a 4.2
kernel.
For Xenial, this will be sufficient, I suppose.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787

>
> btw: the output of service looks strange to me
>
> # service strongswan status
> ● strongswan.service - strongSwan IPsec services
> Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled)
> Active: inactive (dead) since Sat 2016-02-13 19:22:46 CET; 42s ago
> Process: 25807 ExecStopPost=/bin/rm -f /var/run/charon.pid /var/run/starter.charon.pid (code=exited, status=0/SUCCESS)
> Process: 25789 ExecStop=/usr/sbin/ipsec stop (code=exited, status=0/SUCCESS)
> Main PID: 25643 (code=exited, status=0/SUCCESS)
>

That looks like it is from the initial install; you may need to reload the new
apparmor policy:

apparmor_parser -r /etc/apparmor.d/usr.lib.ipsec.charon

And then you can restart it with:

systemctl restart strongswan

and check status

systemctl status strongswan

>
> looks like the service is not running anymore but via
> # ipsec statusall
> everything looks ok
>
> is there some systemd-integration-magic missing?
>

I'm not sure what ipsec statusall invokes to check status.

In an up-to-date Xenial VM, installing the current packages in the PPA, I
get the following:

# systemctl status strongswan
● strongswan.service - strongSwan IPsec services
   Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2016-02-13 21:50:59 UTC; 18s ago
 Main PID: 2798 (starter)
   CGroup: /system.slice/strongswan.service
           ├─2798 /usr/lib/ipsec/starter --daemon charon
           └─2799 /usr/lib/ipsec/charon --use-syslog

Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading ocsp signer certificates from '/...ts'
Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading attribute certificates from '/et...ts'
Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 13 21:50:59 sw1 charon[2799]: 00[LIB] loaded plugins: charon test-vectors aes ...own
Feb 13 21:50:59 sw1 charon[2799]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Feb 13 21:50:59 sw1 charon[2799]: 00[JOB] spawning 16 worker threads
Feb 13 21:50:59 sw1 ipsec_starter[2798]: charon (2799) started after 20 ms
Feb 13 21:50:59 sw1 systemd[1]: Started strongSwan IPsec services.
Feb 13 21:51:00 sw1 systemd[1]: Started strongSwan IPsec services.
Hint: Some lines were ellipsized, use -l to show in full.
root@sw1:~#
root@sw1:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-4-generic, x86_64):
  uptime: 30 seconds, since Feb 13 21:51:00 2016
  malloc: sbrk 946176, mmap 0, used 229008, free 717168
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown
Listening IP addresses:
  192.168.122.147
  10.0.3.1
Connections:
Security Associations (0 up, 0 connecting):
  none

>
> thanks!
>
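
A check for the two chapoly preconditions raised in this comment (a kernel of at least 4.2, per the Debian bug, and the plugin actually being loaded), as an added example that is not part of the original message. The function names, the assumption that the plugin is listed under the name `chapoly`, and the shortened sample status text are constructed for illustration; the script expects unwrapped `ipsec statusall` output.

```shell
#!/bin/sh
# Added example (not from the thread): chapoly readiness from `ipsec statusall` text.

# Constructed sample, shortened from the statusall output quoted above.
SAMPLE_STATUS='Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-4-generic, x86_64):
  uptime: 30 seconds, since Feb 13 21:51:00 2016
  loaded plugins: charon test-vectors aes sha1 sha2 hmac kernel-netlink socket-default stroke updown
Listening IP addresses:
  192.168.122.147'

# Print the kernel release named in the status header, e.g. "4.4.0-4-generic".
status_kernel() {
    printf '%s\n' "$1" |
        sed -n 's/^Status of IKE charon daemon (.*Linux \([^,)]*\).*/\1/p' | head -n 1
}

# Succeed if kernel release $1 is at least version $2.$3; return 2 if unparsable.
kernel_at_least() {
    case "$1" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in *[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# Succeed if plugin $2 appears as a whole word in the "loaded plugins:" line.
status_has_plugin() {
    printf '%s\n' "$1" | sed -n 's/^ *loaded plugins: *//p' |
        tr ' ' '\n' | grep -qxF -- "$2"
}

# Print one of: no-status, kernel-too-old, plugin-not-loaded, ok.
chapoly_check() {
    kernel=$(status_kernel "$1")
    if [ -z "$kernel" ]; then
        echo "no-status"
    elif ! kernel_at_least "$kernel" 4 2; then    # 4.2 minimum per the Debian bug
        echo "kernel-too-old"
    elif ! status_has_plugin "$1" chapoly; then   # plugin name assumed as listed
        echo "plugin-not-loaded"
    else
        echo "ok"
    fi
}

# On a live host: chapoly_check "$(ipsec statusall)"
chapoly_check "$SAMPLE_STATUS"
```

For the sample, which mirrors the plugin list quoted above, the result is `plugin-not-loaded`: the kernel is new enough but chapoly is not in the loaded set.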