Comment 23 for bug 1535951

On Sun, Feb 14, 2016 at 3:36 AM, mrq1 <email address hidden> wrote:

> looks good so far :-)
>
> i think the kernel-libipsec plugin should not be loaded by default
>
> the plugin works only with UDP encapsulated packets
>
> (look here: https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-
> libipsec)
>
> and this will break most of the "normal"/LAN setups
>

The kernel-libipsec plugin is optional; a user must apt-get install
libstrongswan-extra-plugins.
I've installed the extra plugins in a VM which uses NAT configuration and
none of the
networking was broken if the kernel-libipsec module was loaded (but
unconfigured).

However, I'm interested if you can expand on what setup would break? We
certainly don't want
break or surprise users so I'd like understand what "breaks" if the module
is loaded by default.

>
> i would build and include the plugin but disable the loading with
>
> /etc/strongswan.d/charon/kernel-libipsec.conf
> > load = no
>

This would be a change compared to all other plugins so I'd like to
understand why
this plugin in the default configuration breaks any normal/LAN setups.

> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1535951
>
> Title:
> Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions
>