Page MenuHomeVyOS Platform
Create Task
Maniphest T5754

Update to StrongSwan 5.9.11
Closed, ResolvedPublic
Actions

Description

Update StrongSwan to 5.9.11

https://github.com/strongswan/strongswan/releases/tag/5.9.11

Currently we are using 5.9.8, and there is some security fixed is 5.9.10 related to certificate validation.
But since 5.9.11 has been released, and fixes some regressions introduced in 5.9.10, I have selected that as the target version instead.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Package upgrade

Event Timeline

GurliGebis created this task.Nov 16 2023, 8:49 PM
GurliGebis created this object in space S1 VyOS Public.
GurliGebis added a comment.Nov 16 2023, 8:54 PM

PR: https://github.com/vyos/vyos-build/pull/457

pasik added a subscriber: pasik.Nov 16 2023, 8:55 PM
fernando triaged this task as Normal priority.Nov 17 2023, 5:42 PM
fernando changed the task status from Open to Needs testing.Nov 17 2023, 6:01 PM
fernando added a subscriber: fernando.

Do you tested it ? using our current rolling-release

GurliGebis added a comment.Nov 17 2023, 9:29 PM

Hey @fernando - yes, I tested it with two routers in a test environment, with the following setup: https://docs.vyos.io/en/latest/configuration/vpn/site2site_ipsec.html

It works the same as the existing version included in the current rolling release iso.

GurliGebis added a comment.Nov 24 2023, 9:29 PM

Backport to 1.4?

Viacheslav added a project: VyOS 1.5 Circinus.Nov 25 2023, 8:29 AM
Viacheslav moved this task from Need Triage to Backport Candidates on the VyOS 1.5 Circinus board.
c-po added a subscriber: c-po.Feb 26 2024, 6:46 AM

1.4 and 1.5 run on strongswan 5.9.11

c-po closed this task as Resolved.Feb 26 2024, 6:46 AM
c-po assigned this task to GurliGebis.
c-po moved this task from Need Triage to 1.4.0-epa1 on the VyOS 1.4 Sagitta board.
c-po edited projects, added VyOS 1.4 Sagitta (1.4.0-epa1); removed VyOS 1.4 Sagitta.
c-po moved this task from Backport Candidates to Finished on the VyOS 1.5 Circinus board.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa1) board.