
Upgrade strongswan to 5.9.6
Open, Requires assessment | Public | FEATURE REQUEST


As per - and

With the current strongswan version (5.9.1) there seem to be the above issues.

I recompiled/created the deb packages on my own for strongswan 5.9.6, starting from dsc and sources for debian testing (available at / tag debian/5.9.6-1).

With the newer version, the issue seems resolved.

NOTE: the patches @ do not apply to the new 5.9.6 tree. However, you can find the updated patches here: . My recompiled deb uses these ones.
NOTE: the newer version adds these deb dependencies (already available on the debian stable repo): libtss2-mu0 libtss2-sys1 tpm-udev (plus libtss2-dev for the build phase)


Difficulty level: Unknown (require assessment)
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)

Event Timeline

ssasso updated the task description.

From the strongswan 5.9.6 changelog:

Actively initiating duplicate CHILD_SAs within the same IKE_SA is now largely prevented. This can happen if trap policies are installed and an IKE_SA with its CHILD_SAs is reestablished (e.g. with break-before-make reauthentication or dpd_action=restart). This does not prevent duplicates if they are initiated by the two peers concurrently.
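A way to check a gateway for the symptom the changelog entry describes, as an added example that is not part of the original task or of strongSwan: it scans an SA listing for CHILD_SAs installed more than once under the same IKE_SA with identical traffic selectors. It assumes the listing has the layout of `swanctl --list-sas` output; the sample text, peer names and the function name `find_duplicate_child_sas` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like `swanctl --list-sas` output (layout assumed).
SAMPLE = """\
peer-a: #3, ESTABLISHED, IKEv2, 1111111111111111_i* 2222222222222222_r
  local  'left.example' @ 192.0.2.1[500]
  remote 'right.example' @ 198.51.100.1[500]
  net-a: #7, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    in  c0000001,      0 bytes,     0 packets
    out c0000002,      0 bytes,     0 packets
    local  10.1.0.0/16
    remote 10.2.0.0/16
  net-a: #8, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    in  c0000003,      0 bytes,     0 packets
    out c0000004,      0 bytes,     0 packets
    local  10.1.0.0/16
    remote 10.2.0.0/16
  net-b: #9, reqid 2, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    local  10.1.0.0/16
    remote 10.3.0.0/16
"""

IKE_RE = re.compile(r"^(\S+): #(\d+), ")                     # unindented: IKE_SA header
CHILD_RE = re.compile(r"^  (\S+): #(\d+), reqid \d+, (\w+)")  # 2 spaces: CHILD_SA header
TS_RE = re.compile(r"^    (local|remote)\s+(\S.*)$")          # 4 spaces: traffic selectors

def find_duplicate_child_sas(text):
    """Map (ike_name, ike_id, child_name, local_ts, remote_ts) -> [child ids]
    for INSTALLED CHILD_SAs that occur more than once within one IKE_SA."""
    children, ike = [], None
    for line in text.splitlines():
        if m := IKE_RE.match(line):
            ike = (m[1], int(m[2]))
        elif (m := CHILD_RE.match(line)) and ike:
            children.append({"ike": ike, "name": m[1], "id": int(m[2]),
                             "state": m[3], "local": "", "remote": ""})
        elif (m := TS_RE.match(line)) and children:
            children[-1][m[1]] = m[2].strip()
    groups = defaultdict(list)
    for c in children:
        if c["state"] == "INSTALLED":
            groups[(*c["ike"], c["name"], c["local"], c["remote"])].append(c["id"])
    return {key: ids for key, ids in groups.items() if len(ids) > 1}

if __name__ == "__main__":
    for key, ids in find_duplicate_child_sas(SAMPLE).items():
        print("duplicate CHILD_SA", key, "ids", ids)
```

A CHILD_SA that is mid-rekey can briefly appear twice, so a hit is worth confirming with a second listing taken a little later.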