pfSense Gold Subscription

Author Topic: Strongswan smp plugin is deprecated  (Read 5808 times)

0 Members and 1 Guest are viewing this topic.

Offline charliem

  • Sr. Member
  • ****
  • Posts: 565
  • Karma: +43/-1
    • View Profile
Strongswan smp plugin is deprecated
« on: September 20, 2014, 09:36:20 am »
(Not sure if this should go in the 2.2 forum or in development)

With strongswan 5.2.0, the SMP plugin is deprecated since 5.2.0 in favor of the Versatile IKE Control Interface (VICI) (https://wiki.strongswan.org/projects/strongswan/wiki/SMP). The SMP plugin is an XML based strongSwan Management Protocol that pfSense uses to manage strongswan ipsec activities. Even in earlier strongswan versions, the SMP plugin was listed as 'incomplete / in development', and now it appears it will be abandoned.

The new vici approach is here: https://wiki.strongswan.org/projects/strongswan/wiki/VICI.  The swanctl program is the main user of the vici library, but neither swanctl or the vici plugin is currently included in the pfSense build of strongswan 5.2.0.

I just wonder if 2.2 should be built on a deprecated interface, or should pfSense move toward vici / swanctl instead?

Offline ermal

  • Hero Member
  • *****
  • Posts: 3832
  • Karma: +82/-5
    • View Profile
Re: Strongswan smp plugin is deprecated
« Reply #1 on: September 20, 2014, 10:03:21 am »
Its known and its ok for 2.2.

IPSec needs work to support more features so than it wil be changed to new interface.

Offline jwt

  • Administrator
  • Sr. Member
  • *****
  • Posts: 329
  • Karma: +92/-22
    • View Profile
Re: Strongswan smp plugin is deprecated
« Reply #2 on: October 30, 2015, 01:38:53 pm »
This has been fixed for 2.2.5 (and 2.3).

We have a VICI interface now.

You're welcome.  (Well, not you Ermal, you refused to fix it.)