Strongswan 6.0 removing ipsec CLI

Sven Roederer devel-sven at
Tue Apr 13 22:28:43 BST 2021


I already read about deprecating ipsec tool someyears ago and started to use 
swanctl. I hacked some scripts together on one of my nodes to not use ipsec-
cli. (Sadly I stopped at some point, without making it useable outside of my 
"lab" to pubish / share.)
By the time I became a fan of swanctl more and more. Happy to see that you 
made swanctl-config integration to UCI.
So no worries in dropping ipsec-tool way, even it feels like a era is ending 


Am Dienstag, 13. April 2021, 22:19:07 CEST schrieb Philip Prindeville:
> Hi all,
> Word is that strongswan-6.0 will remove the ipsec interface.  No idea how
> many 5.9.x releases will come out before that happens.  Doing some
> prediction based on the past roadmap:
> The cadence in the past has been every 3 months, and typically x.y.3 or
> x.y.4 is the maximum release until 'y' gets bumped.  We're at 5.9.2
> (2021/2/26) currently, so .3 or .4 could be out in 1 month and 4 months,
> respectively.
> With this news, I'm disinclined (and I believe Noel concurs) to put a lot of
> effort into maintaining the ipsec UCI initd scripting.
> I'd rather just focus on adding Wiki documentation on how to tweak your
> /etc/config/ipsec configuration to work with swanctl instead.
> Anyone have an objection to this plan?

More information about the openwrt-devel mailing list