pfSense Forum

Retired => 2.2 Snapshot Feedback and Problems - RETIRED => Topic started by: charliem on September 20, 2014, 09:36:20 am

Title: Strongswan smp plugin is deprecated
Post by: charliem on September 20, 2014, 09:36:20 am
(Not sure if this should go in the 2.2 forum or in development)

With strongswan 5.2.0, the SMP plugin is deprecated since 5.2.0 in favor of the Versatile IKE Control Interface (VICI) (https://wiki.strongswan.org/projects/strongswan/wiki/SMP). The SMP plugin is an XML based strongSwan Management Protocol that pfSense uses to manage strongswan ipsec activities. Even in earlier strongswan versions, the SMP plugin was listed as 'incomplete / in development', and now it appears it will be abandoned.

The new vici approach is here: https://wiki.strongswan.org/projects/strongswan/wiki/VICI.  The swanctl program is the main user of the vici library, but neither swanctl or the vici plugin is currently included in the pfSense build of strongswan 5.2.0.

I just wonder if 2.2 should be built on a deprecated interface, or should pfSense move toward vici / swanctl instead?
Title: Re: Strongswan smp plugin is deprecated
Post by: ermal on September 20, 2014, 10:03:21 am
Its known and its ok for 2.2.

IPSec needs work to support more features so than it wil be changed to new interface.
Title: Re: Strongswan smp plugin is deprecated
Post by: jwt on October 30, 2015, 01:38:53 pm
This has been fixed for 2.2.5 (and 2.3).

We have a VICI interface now.

You're welcome.  (Well, not you Ermal, you refused to fix it.)