
IPSec / Charon deprecated keywords
Closed, Duplicate | Public | BUG

Description

Looks like this can hit us when upgrading to newer versions of Debian...

Found via: journalctl -u strongswan

Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'interfaces' in config setup
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'interfaces' in config setup
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'nat_traversal' in config setup
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'virtual_private' in config setup
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'leftnexthop' in conn 'remote-access-win-aaa'
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'pfs' in conn 'remote-access-win-aaa'
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: PFS is enabled by specifying a DH group in the 'esp' cipher suite
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'leftnexthop' in conn 'remote-access-mac-zzz'
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'pfs' in conn 'remote-access-mac-zzz'
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: PFS is enabled by specifying a DH group in the 'esp' cipher suite
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'leftnexthop' in conn 'remote-access'
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: # deprecated keyword 'pfs' in conn 'remote-access'
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: PFS is enabled by specifying a DH group in the 'esp' cipher suite
Dec 09 14:34:22 CR1.mucI ipsec_starter[1962]: ### 9 parsing errors (0 fatal) ###
Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'nat_traversal' in config setup
Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'virtual_private' in config setup
Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'leftnexthop' in conn 'remote-access-win-aaa'
Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'pfs' in conn 'remote-access-win-aaa'
Dec 09 14:34:22 CR1.mucI ipsec[1962]: PFS is enabled by specifying a DH group in the 'esp' cipher suite
Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'leftnexthop' in conn 'remote-access-mac-zzz'
Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'pfs' in conn 'remote-access-mac-zzz'
Dec 09 14:34:22 CR1.mucI ipsec[1962]: PFS is enabled by specifying a DH group in the 'esp' cipher suite
Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'leftnexthop' in conn 'remote-access'
Dec 09 14:34:22 CR1.mucI ipsec[1962]: # deprecated keyword 'pfs' in conn 'remote-access'
Dec 09 14:34:22 CR1.mucI ipsec[1962]: PFS is enabled by specifying a DH group in the 'esp' cipher suite
Dec 09 14:34:22 CR1.mucI ipsec[1962]: ### 9 parsing errors (0 fatal) ###

Details

Difficulty level
Hard (possibly days)
Version
VyOS 999.201712091350
Why the issue appeared?
Will be filled on close

Event Timeline

c-po updated the task description.

In VyOS-1.2.0-rolling+201805220337 with the latest strongSwan, only one deprecated keyword is remaining:

May 22 10:56:17 vyos-test ipsec[1741]: # deprecated keyword 'interfaces' in config setup
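
Added example (not part of the task, and not VyOS or strongSwan code): a Python script that de-duplicates the warnings in the journal output above, where each one is logged under both `ipsec` and `ipsec_starter`, and groups them by section so the keywords still to be migrated can be checked against the `### N parsing errors` total; in the log from the description the nine distinct warnings equal the reported 9. The sample lines and the hostname `gw` are constructed.

```python
import re
import sys
from collections import defaultdict

# Warning and total formats as they appear in the journal output quoted in this task.
WARNING = re.compile(
    r"# deprecated keyword '(?P<keyword>[^']+)' in "
    r"(?:(?P<setup>config setup)|conn '(?P<conn>[^']+)')"
)
TOTAL = re.compile(r"### (\d+) parsing errors")

# Constructed sample in the same format (hostname "gw" is made up).
SAMPLE = """\
Dec 09 14:34:22 gw ipsec_starter[1962]: # deprecated keyword 'interfaces' in config setup
Dec 09 14:34:22 gw ipsec_starter[1962]: # deprecated keyword 'pfs' in conn 'remote-access'
Dec 09 14:34:22 gw ipsec_starter[1962]: PFS is enabled by specifying a DH group in the 'esp' cipher suite
Dec 09 14:34:22 gw ipsec_starter[1962]: ### 2 parsing errors (0 fatal) ###
Dec 09 14:34:22 gw ipsec[1962]: # deprecated keyword 'interfaces' in config setup
Dec 09 14:34:22 gw ipsec[1962]: # deprecated keyword 'pfs' in conn 'remote-access'
Dec 09 14:34:22 gw ipsec[1962]: ### 2 parsing errors (0 fatal) ###
""".splitlines()


def summarize(lines):
    """Map each section to its sorted, de-duplicated deprecated keywords."""
    found = defaultdict(set)
    for line in lines:
        m = WARNING.search(line)
        if m:
            section = "config setup" if m.group("setup") else "conn " + m.group("conn")
            found[section].add(m.group("keyword"))  # set: both log tags repeat it
    return {section: sorted(kws) for section, kws in found.items()}


def reported_count(lines):
    """Largest N from the '### N parsing errors' totals, or None if none seen."""
    totals = [int(m.group(1)) for m in map(TOTAL.search, lines) if m]
    return max(totals) if totals else None


if __name__ == "__main__":
    # Pipe `journalctl -u strongswan` in, or run without input to use SAMPLE.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin.read().splitlines()
    summary = summarize(lines)
    for section in sorted(summary):
        print(f"{section}: {', '.join(summary[section])}")
    unique = sum(len(kws) for kws in summary.values())
    print(f"{unique} unique warnings, starter reported {reported_count(lines)}")
```

If the journal spans several service restarts with different configurations, the two numbers can differ; limit the input to one start before comparing them.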