Bug 266947 - security/strongswan: does not kldload the ipsec modules on 13.x
Status: Closed Not A Bug
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-ports-bugs (Nobody)
Keywords: needs-patch
Reported: 2022-10-10 17:57 UTC by karl
Modified: 2022-10-14 02:40 UTC
bugzilla: maintainer-feedback? (strongswan)


Description karl 2022-10-10 17:57:26 UTC
On 13.x the IPSEC kernel module is loadable and a stub is in the GENERIC declaration.

Strongswan's RC file does not kldload the module, and thus, while it comes up and runs, attempting to connect will fail with a rather cryptic message on the client claiming authentication was unsuccessful, when in fact it succeeded but the kernel on the server end could not insert the SPI entries.

kldload ipsec fixes it; ergo that should be in the startup script so the ipsec module is present before the software starts.
Comment 1 dewayne 2022-10-13 12:19:26 UTC
(In reply to karl from comment #0)
Aid can be found in /etc/rc.subr, function call to load_kld.  For reference /etc/rc.d/pfsync seems to be a straightforward example.

I have ipsec in my kernel config, so wanted to make sure this wasn't going to be a problem ;)
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2022-10-13 15:56:01 UTC
Weird, the rc script already has required_modules="ipsec" so it should kldload the module.

Are you sure that's the problem?
Comment 3 karl 2022-10-14 02:40:36 UTC
Ah, this appears to be a function of the nanobsd build I am running -- it grabbed the previous version of the rc script and overwrote it on boot.

Closed; the "stock" one has the kldload call in it -- my bad.
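
A check for the situation resolved in comment 3, as an added example that is not part of the bug thread or the port: it reads an rc.d script's `required_modules` line and reports whether a given module is declared, so a stale script copied in by an image build is caught before the daemon starts. The script path is supplied by the caller, and the two sample scripts written by `demo` are constructed.

```shell
#!/bin/sh
# Added example (not from the port): audit an rc.d script's required_modules.

# Print one module name per line from required_modules=... in script $1.
# rc.subr accepts "file", "file:module" and "file~regex" entries; keep "file".
rc_required_modules() {
    grep -E '^[[:space:]]*required_modules=' "$1" |
        sed -e 's/^[^=]*=//' -e 's/#.*//' | tr -d "\"'" |
        tr -s ' \t' '\n\n' | sed -e 's/[:~].*//' -e '/^$/d'
}

# Succeed if script $1 lists module $2; return 2 if $1 is unreadable.
rc_declares_module() {
    [ -r "$1" ] || return 2
    rc_required_modules "$1" | grep -Fqx -- "$2"
}

# On FreeBSD, succeed if the kernel already has module $1 (the same
# kldstat test rc.subr's load_kld uses); return 2 without kldstat.
kernel_has_module() {
    command -v kldstat >/dev/null 2>&1 || return 2
    kldstat -q -m "$1"
}

# Constructed samples: one script with the declaration, and a stale copy
# whose declaration is absent (here: commented out).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'name="strongswan"' 'required_modules="ipsec"' > "$d/stock"
    printf '%s\n' 'name="strongswan"' '# required_modules="ipsec"' > "$d/stale"
    for f in stock stale; do
        if rc_declares_module "$d/$f" ipsec; then r=declared; else r=missing; fi
        printf '%s=%s\n' "$f" "$r"
    done
    rm -rf "$d"
}

# Usage: sh check_rc_modules.sh /path/to/rc.d/script ipsec
if [ $# -eq 2 ]; then
    if rc_declares_module "$1" "$2"; then
        echo "$1: required_modules lists $2"
    else
        echo "$1: required_modules does NOT list $2" >&2
    fi
    if kernel_has_module "$2"; then echo "kernel: $2 present"; fi
fi
```
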