Arch Linux User Repository

I confim, plz add aarch64 architecture support, It builds pass and works fine on espressobin too!

All of as can VOT for this PKG !!! plz vot ..!! libreswan is better and easily configuretable ipsec fork now is version 4.4 with fixes

plz add aarch64 architecture support, It builds pass and works fine on my RaspberryPi Arch Linux ARM.

I agree with dkosovic.

I do need modp1024 too for my libreswan usage for the same reason (modp1024)

It'll be great if libreswan can be built with USE_DH2=true like how Red Hat are with CentOS Stream 8 (and upcoming RHEL 8.4) :

https://git.centos.org/rpms/libreswan/blob/c8s/f/SPECS/libreswan.spec

USE_DH2=true will allow modp1024 which many legacy VPN servers are only proposing. Additionally, networkmanager-l2tp will need to be built with --enable-libreswan-dh2 configure switch.

libreswan removed -DALLOW_MICROSOFT_BAD_PROPOSAL in v4.0 by default in mk/config.mk, see 1.

Could you please reenable it for now? It would be enabled in next release automatically (and ifdef removed), see 2.

ipsec verify shows some errors.

$ ipsec verify                                                                                                               
/usr/bin/ipsec: /usr/lib/ipsec/verify: /usr/bin/python23: bad interpreter: No such file or directory
/usr/bin/ipsec: line 531: /usr/lib/ipsec/verify: Success

Compile with nss 3.51 then you can immediately upgrade to nss 3.52. The nss 3.52 headers are the problem. nss 3.51 headers work for nss 3.52.

@defts : THANKS !

@defts is a lifesaver. As mentioned in https://github.com/libreswan/libreswan/issues/342 nss needs to be downgraded. In my case I have downgraded from nss 3.52.1 to nss 3.51.1-1 and rebuilt libreswan. This fixes the issue.

@squalou @oddy

same issue here
for a quick fix, you can downgrade nss to 3.51 and rebuild libreswan

downgrade nss 
yay --rebuild libreswan

i post that reponse here https://github.com/libreswan/libreswan/issues/342