dkosovic
commented
5 years ago Version 1.2.12 is backwards compatible with older VPN connection profile files that are stored under /etc/NetworkManager/system-connections/. For example the deprecated Gateway ID from an older profile file is mapped to Remote ID here in the code :
Similarly for other options, I try to maintain backwards compatibility for VPN connection profiles.
For version 1.7.x (and later), users might need to open a VPN connection in the connection editor and re-save it, due to differences in additional credential handling with the introduction of certificate support.
You might want to delete any stray /etc/ipsec.d/nm-l2tp-ipsec-*.secrets (or whatever the equivalent location is in NixOS) generated by VPN connections from the previous versions of the package. e.g. for the Fedora pre-installation step in the RPM package, I have the following scriptlet:
%pre
# remove any NetworkManager-l2tp <= 1.2.10 transient ipsec-*.secrets files.
rm -f %{_sysconfdir}/ipsec.d/nm-l2tp-ipsec-*.secrets
rm -f %{_sysconfdir}/strongswan/ipsec.d/nm-l2tp-ipsec-*.secrets
exit 0But if users are switching from the GNOME L2TP GUI frontend to KDE there will be issues. I maintain the GNOME L2TP GUI frontend in this repository and naturally the the front and backends from here are in sync, The KDE L2TP GUI frontend is part of KDE's plasma-nm package, I try to make the backend compatible with the KDE frontend, but any VPN profiles saved with the GNOME frontend are too new for the KDE frontend and it will spit the dummy.
I'm from the NixOS project. I'm wanting to upgrade our stable release from 1.2.10 to 1.2.12, as 1.2.12 fixes some issues we've seen. However, from the changelog it isn't clear to me if this would possibly break some users. Does this seem reasonable to you, or would you recommend against making this upgrade for our stable users?