Retired > 2.2 Snapshot Feedback and Problems - RETIRED

Strongswan smp plugin is deprecated

(1/1)

charliem:
(Not sure if this should go in the 2.2 forum or in development)

With strongswan 5.2.0, the SMP plugin is deprecated since 5.2.0 in favor of the Versatile IKE Control Interface (VICI) (https://wiki.strongswan.org/projects/strongswan/wiki/SMP). The SMP plugin is an XML based strongSwan Management Protocol that pfSense uses to manage strongswan ipsec activities. Even in earlier strongswan versions, the SMP plugin was listed as 'incomplete / in development', and now it appears it will be abandoned.

The new vici approach is here: https://wiki.strongswan.org/projects/strongswan/wiki/VICI.  The swanctl program is the main user of the vici library, but neither swanctl or the vici plugin is currently included in the pfSense build of strongswan 5.2.0.

I just wonder if 2.2 should be built on a deprecated interface, or should pfSense move toward vici / swanctl instead?

ermal:
Its known and its ok for 2.2.

IPSec needs work to support more features so than it wil be changed to new interface.

jwt:
This has been fixed for 2.2.5 (and 2.3).

We have a VICI interface now.

You're welcome.  (Well, not you Ermal, you refused to fix it.)

Navigation

[0] Message Index

Go to full version