Closed igsilya closed 2 months ago
This has been fixed by adding support for parsing --config to ipsec command. Note: auto script is no more, everything ipsec does for auto is eats auto part of the command and warns about using legacy option.
This has been fixed by adding support for parsing --config to ipsec command. Note: auto script is no more, everything ipsec does for auto is eats auto part of the command and warns about using legacy option.
Are you suggesting to re-order arguments? If so, it doesn't work as ipsec
command itself doesn't recognize the --config
either:
# ipsec --config $(pwd)/my/ipsec.conf auto --ctlsocket $(pwd)/my/pluto.ctl --start --asynchronous tun-in-1
/usr/sbin/ipsec: unknown option "--config" (perhaps command name was omitted?)
Order doesn't matter. But in near future you need to stop using old options and move to using new ones. We won't support auto option forever.
Order doesn't matter. But in near future you need to stop using old options and move to using new ones. We won't support auto option forever.
I understand that, but it is still available now and it doesn't work, so it is still a bug.
'deprecated' means that it is still supposed to work until it is removed in some future version. What's the point of deprecation if it is just broken? You could have deleted the ipsec auto
command right away in this case.
That was unfair. This was first use case which was not working.
untested
I pushed the test WIP whack-up-02-config
, the bug isn't related to deprecating ipsec auto
.
Fixed by b9c34f53bc69bcb687c2f64aa340178e0d6a1623
In Libreswan v5
ipsec auto
no longer supports--config
option:However, without this option
ipsec auto --start --asynchronous <name>
will calladdcon
command with--config /etc/ipsec.conf
, which is not a config filepluto
is running with, e.g.