285049 – security/strongswan: please allow old stroke interface to be enabled

Bug 285049 - security/strongswan: please allow old stroke interface to be enabled

Summary: security/strongswan: please allow old stroke interface to be enabled

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Vladimir Druzenko

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-02-26 10:13 UTC by adrik
Modified:	2025-02-27 09:02 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (strongswan)

Attachments
strongswan_enable_stroke_patch (5.45 KB, patch) 2025-02-26 12:25 UTC, kwf	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description adrik 2025-02-26 10:13:44 UTC

When installing the port, the following message is displayed:

The default strongSwan configuration interface have been updated to vici since version 5.9.2_1.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.

However this doesn't work, since the stroke plugin, ipsec, starter and stroke commands have bene removed and are no longer available.
Disbaling the vici option doesn't work either, since the required plugin and commands are not installed.
Converting an existing stroke ipsec.conf configuration is not straight forward.

Can the old stroke interface be enabled using the --enable-stoke option to CONFIGURE_ARGS or added as a separate option to OPTION_DEFS?
The pkg-plist would also need to be updated to included the required plugin and files.

Comment 1 kwf 2025-02-26 12:25:52 UTC

Created attachment 257996 [details]
strongswan_enable_stroke_patch

Comment 2 kwf 2025-02-26 12:29:11 UTC

(In reply to adrik from comment #0)

Please see the patch that provides config options to enabled stroke.

Note that strongSwan has deprecated the stroke management interface for years and I'd advise you to migrate your config to vici before it is removed.

Comment 3 adrik 2025-02-26 14:05:41 UTC

Thanks for the quick patch.
Since you increased the port revision, I assume this will be committed to the port as well.

I will attempt to convert to vici before the next release of strongswan.

Comment 4 commit-hook freebsd_committer

2025-02-27 08:52:11 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=de8342c344586c7f63cad0576b807820eb568099

commit de8342c344586c7f63cad0576b807820eb568099
Author:     kwf <kwf@nanoteq.com>
AuthorDate: 2025-02-27 08:48:04 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-02-27 08:51:44 +0000

    security/strongswan: Allow old stroke interface to be enabled

    Note that strongSwan has deprecated the stroke management interface for
    years, and it is recommended to migrate the configuration to vici before
    it is removed.

    PR:     285049

 security/strongswan/Makefile  |  6 +++++-
 security/strongswan/pkg-plist | 22 ++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

Comment 5 Vladimir Druzenko freebsd_committer

2025-02-27 09:02:57 UTC

Thanks.