Package Details: libreswan 3.32-3

Git Clone URL: (read-only, click to copy)
Package Base: libreswan
Description: IPsec implementation with IKEv1 and IKEv2 keying protocols
Upstream URL:
Keywords: ipsec
Licenses: GPL, MPL
Conflicts: freeswan, ipsec-tools, openswan, strongswan
Submitter: abique
Maintainer: severach
Last Packager: severach
Votes: 37
Popularity: 1.17
First Submitted: 2014-03-07 08:29
Last Updated: 2020-06-24 01:06

Latest Comments

1 2 3 4 5 Next › Last »

aita commented on 2020-06-23 08:54

ipsec verify shows some errors.

$ ipsec verify                                                                                                               
/usr/bin/ipsec: /usr/lib/ipsec/verify: /usr/bin/python23: bad interpreter: No such file or directory
/usr/bin/ipsec: line 531: /usr/lib/ipsec/verify: Success

severach commented on 2020-05-20 19:31

Compile with nss 3.51 then you can immediately upgrade to nss 3.52. The nss 3.52 headers are the problem. nss 3.51 headers work for nss 3.52.

squalou commented on 2020-05-20 11:07

@defts : THANKS !

oddy commented on 2020-05-20 10:59

@defts is a lifesaver. As mentioned in nss needs to be downgraded. In my case I have downgraded from nss 3.52.1 to nss 3.51.1-1 and rebuilt libreswan. This fixes the issue.

defts commented on 2020-05-20 09:40

@squalou @oddy

same issue here
for a quick fix, you can downgrade nss to 3.51 and rebuild libreswan

downgrade nss 
yay --rebuild libreswan

i post that reponse here

squalou commented on 2020-05-20 09:33

issue here too with l2tp psk, and libreswan 3.32-1

Job for ipsec.service failed because a fatal signal was delivered causing the control process to dump core.

ipsec fails to start

downgrading do 3.31-1 ... does not help so far :( previous versions do not compile anymore

=> move to strongswan instead, which works in my case

oddy commented on 2020-05-20 07:54

the latest update of libreswan, 3.32-1 breaks XAUTH VPN for me with an exception

May 20 17:35:18 miniattic pluto[4467]: ABORT: ASSERTION FAILED: test_gcm_vectors(&ike_alg_encrypt_aes_gcm_16, aes_gcm_tests) (in test_ike_alg() at ike_alg_test.c:41)

This means I can no longer work from home. I will try to downgrade the package. I do not know if it's an upstream issue or not.

heapifyman commented on 2020-03-16 17:12

@tapia @tatumkhamun thanks.

I can connect to VPN again if I either switch to strongswan or adapt the phase 1 algorithm settings.

Unfortunately I am still not able to ssh into machines on the VPN. Although mounting network drives from the VPN does work...

I also had to change Identity → PPP Settings... → MTU to a value of 1200 to be able to use SSH again.

tapia commented on 2020-03-16 16:51

@heapifyman I meant adapting the phase1 algorithm setting.

tatumkhamun commented on 2020-03-16 14:55

@heapify that is the strongswan I downloaded. The only other package I had installed was networkmanager-l2tp so that it interfaced with the network manager. Everything else was then plugin and play.