WHY strongswan REMOVED from repository?

Installing and Using OpenWrt
1

this is such a bad practice that makes Openwrt unreliable solution, so think TRIPLE before you jump into it.

2

Why do you think that it has been removed????

3

Apparently it just currently fails to compile for the old 22.03.
(seems to compile ok for 23.05 and main/master)

E.g.

You could perhaps fix it... (this is community effort...)

3 Likes
4

  1. I'm not only one
    Missing strongswan-mod packages
    Strongswan missing from openwrt 22.03 qemu

  2. Because neither opkg nor LuCi show packages anymore. Also all packages were removed from manual downloads from Openwrt website.

  3. What you've sent is github link, I'm talking about repos and/or ready .ipk

1 Like
5

ALSO packages description removed from Openwrt website. Although worked perfectly in 22.03.

https://openwrt.org/packages/pkgdata/strongswan
https://openwrt.org/packages/pkgdata/strongswan-mod-sshkey

ALTHOUGH there were descriptions before, as you may know Google memorizes all:
https://webcache.googleusercontent.com/search?q=cache:TObA5D3usmIJ:https://openwrt.org/packages/pkgdata/strongswan-mod-sshkey&cd=9&hl=en&ct=clnk&gl=us

ALSO excluded from 22.05 release.

AND seems it's someone's decision, so "fixing" it by a "community" would not be possible - packages will disappear again.

1 Like
6

Yes they do, at least on SNAPSHOT:

root@machenry:~# opkg list | grep ^strongswan
strongswan - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains shared libraries and scripts.
strongswan-charon - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains charon, an IKEv2 keying daemon.
strongswan-charon-cmd - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains the charon-cmd utility.
strongswan-default - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This meta-package contains only dependencies to match upstream defaults.
strongswan-full - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This meta-package contains dependencies for all of the strongswan plugins except kernel-libipsec, socket-dynamic and which are omitted in favor of the kernel-netlink and socket-default plugins.
strongswan-gencerts - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains the X.509 certificate generation utility.
strongswan-ipsec - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains the ipsec utility.
strongswan-isakmp - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This meta-package contains only dependencies to establish  ISAKMP / IKE PSK connections, dropping other capabilities in favor of small size  Can fit most routers even with 4Mb flash (after removing IPv6 support).
strongswan-libnttfft - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains the Number Theoretic Transforms library.
strongswan-libtls - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains libtls for strongSwan plugins eap-tls, eap-ttls, eap-peap, tnc-tnccs
strongswan-minimal - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This meta-package contains only dependencies for a minimal IKEv2 setup.
strongswan-mod-addrblock - 5.9.11-1 - StrongSwan RFC 3779 address block constraint support plugin
strongswan-mod-aes - 5.9.11-1 - StrongSwan AES crypto plugin
strongswan-mod-af-alg - 5.9.11-1 - StrongSwan AF_ALG crypto interface to Linux Crypto API plugin
strongswan-mod-agent - 5.9.11-1 - StrongSwan SSH agent signing plugin
strongswan-mod-attr - 5.9.11-1 - StrongSwan file based config plugin
strongswan-mod-attr-sql - 5.9.11-1 - StrongSwan SQL based config plugin
strongswan-mod-bliss - 5.9.11-1 - StrongSwan BLISS crypto plugin
strongswan-mod-blowfish - 5.9.11-1 - StrongSwan Blowfish crypto plugin
strongswan-mod-ccm - 5.9.11-1 - StrongSwan CCM AEAD wrapper crypto plugin
strongswan-mod-chapoly - 5.9.11-1 - StrongSwan ChaCha20-Poly1305 AEAD crypto plugin
strongswan-mod-cmac - 5.9.11-1 - StrongSwan CMAC crypto plugin
strongswan-mod-connmark - 5.9.11-1 - StrongSwan netfilter connection marking plugin
strongswan-mod-constraints - 5.9.11-1 - StrongSwan advanced X509 constraint checking plugin
strongswan-mod-coupling - 5.9.11-1 - StrongSwan IKEv2 plugin to couple peer certificates permanently to authentication plugin
strongswan-mod-ctr - 5.9.11-1 - StrongSwan Counter Mode wrapper crypto plugin
strongswan-mod-curl - 5.9.11-1 - StrongSwan cURL fetcher plugin plugin
strongswan-mod-curve25519 - 5.9.11-1 - StrongSwan Curve25519 Diffie-Hellman plugin
strongswan-mod-des - 5.9.11-1 - StrongSwan DES crypto plugin
strongswan-mod-dhcp - 5.9.11-1 - StrongSwan DHCP based attribute provider plugin
strongswan-mod-dnskey - 5.9.11-1 - StrongSwan DNS RR key decoding plugin
strongswan-mod-drbg - 5.9.11-1 - StrongSwan Deterministic random bit generator plugin
strongswan-mod-duplicheck - 5.9.11-1 - StrongSwan advanced duplicate checking plugin
strongswan-mod-eap-identity - 5.9.11-1 - StrongSwan EAP identity helper plugin
strongswan-mod-eap-md5 - 5.9.11-1 - StrongSwan EAP MD5 (CHAP) EAP auth plugin
strongswan-mod-eap-mschapv2 - 5.9.11-1 - StrongSwan EAP MS-CHAPv2 EAP auth plugin
strongswan-mod-eap-radius - 5.9.11-1 - StrongSwan EAP RADIUS auth plugin
strongswan-mod-eap-tls - 5.9.11-1 - StrongSwan EAP TLS auth plugin
strongswan-mod-farp - 5.9.11-1 - StrongSwan fake arp respsonses plugin
strongswan-mod-fips-prf - 5.9.11-1 - StrongSwan FIPS PRF crypto plugin
strongswan-mod-forecast - 5.9.11-1 - StrongSwan forward multi/broadcast traffic plugin
strongswan-mod-gcm - 5.9.11-1 - StrongSwan GCM AEAD wrapper crypto plugin
strongswan-mod-gcrypt - 5.9.11-1 - StrongSwan libgcrypt plugin
strongswan-mod-gmp - 5.9.11-1 - StrongSwan libgmp plugin
strongswan-mod-gmpdh - 5.9.11-1 - StrongSwan DH-Groups; no libgmp dep plugin
strongswan-mod-ha - 5.9.11-1 - StrongSwan high availability cluster plugin
strongswan-mod-hmac - 5.9.11-1 - StrongSwan HMAC crypto plugin
strongswan-mod-kdf - 5.9.11-1 - StrongSwan KDF/PRF+ plugin
strongswan-mod-kernel-libipsec - 5.9.11-1 - StrongSwan libipsec kernel interface plugin
strongswan-mod-kernel-netlink - 5.9.11-1 - StrongSwan netlink kernel interface plugin
strongswan-mod-ldap - 5.9.11-1 - StrongSwan LDAP plugin
strongswan-mod-led - 5.9.11-1 - StrongSwan LED blink on IKE activity plugin
strongswan-mod-load-tester - 5.9.11-1 - StrongSwan load testing plugin
strongswan-mod-md4 - 5.9.11-1 - StrongSwan MD4 crypto plugin
strongswan-mod-md5 - 5.9.11-1 - StrongSwan MD5 crypto plugin
strongswan-mod-mgf1 - 5.9.11-1 - StrongSwan MGF1 crypto plugin
strongswan-mod-mysql - 5.9.11-1 - StrongSwan MySQL database interface plugin
strongswan-mod-newhope - 5.9.11-1 - StrongSwan New Hope crypto plugin
strongswan-mod-ntru - 5.9.11-1 - StrongSwan NTRU crypto plugin
strongswan-mod-openssl - 5.9.11-1 - StrongSwan OpenSSL crypto plugin
strongswan-mod-pem - 5.9.11-1 - StrongSwan PEM decoding plugin
strongswan-mod-pgp - 5.9.11-1 - StrongSwan PGP key decoding plugin
strongswan-mod-pkcs1 - 5.9.11-1 - StrongSwan PKCS1 key decoding plugin
strongswan-mod-pkcs11 - 5.9.11-1 - StrongSwan PKCS11 key decoding plugin
strongswan-mod-pkcs12 - 5.9.11-1 - StrongSwan PKCS12 key decoding plugin
strongswan-mod-pkcs7 - 5.9.11-1 - StrongSwan PKCS7 key decoding plugin
strongswan-mod-pkcs8 - 5.9.11-1 - StrongSwan PKCS8 key decoding plugin
strongswan-mod-pubkey - 5.9.11-1 - StrongSwan raw public key plugin
strongswan-mod-random - 5.9.11-1 - StrongSwan RNG plugin
strongswan-mod-rc2 - 5.9.11-1 - StrongSwan RC2 crypto plugin
strongswan-mod-resolve - 5.9.11-1 - StrongSwan DNS resolver plugin
strongswan-mod-revocation - 5.9.11-1 - StrongSwan X509 CRL/OCSP revocation plugin
strongswan-mod-sha1 - 5.9.11-1 - StrongSwan SHA1 crypto plugin
strongswan-mod-sha2 - 5.9.11-1 - StrongSwan SHA2 crypto plugin
strongswan-mod-sha3 - 5.9.11-1 - StrongSwan SHA3 and SHAKE crypto plugin
strongswan-mod-smp - 5.9.11-1 - StrongSwan SMP configuration and control interface plugin
strongswan-mod-socket-default - 5.9.11-1 - StrongSwan default socket implementation for charon plugin
strongswan-mod-socket-dynamic - 5.9.11-1 - StrongSwan dynamic socket implementation for charon plugin
strongswan-mod-sql - 5.9.11-1 - StrongSwan SQL database interface plugin
strongswan-mod-sqlite - 5.9.11-1 - StrongSwan SQLite database interface plugin
strongswan-mod-sshkey - 5.9.11-1 - StrongSwan SSH key decoding plugin
strongswan-mod-stroke - 5.9.11-1 - StrongSwan Stroke plugin
strongswan-mod-test-vectors - 5.9.11-1 - StrongSwan crypto test vectors plugin
strongswan-mod-uci - 5.9.11-1 - StrongSwan UCI config interface plugin
strongswan-mod-unity - 5.9.11-1 - StrongSwan Cisco Unity extension plugin
strongswan-mod-updown - 5.9.11-1 - StrongSwan updown firewall plugin
strongswan-mod-vici - 5.9.11-1 - StrongSwan Versatile IKE Configuration Interface plugin
strongswan-mod-whitelist - 5.9.11-1 - StrongSwan peer identity whitelisting plugin
strongswan-mod-wolfssl - 5.9.11-1 - StrongSwan WolfSSL crypto plugin
strongswan-mod-x509 - 5.9.11-1 - StrongSwan x509 certificate plugin
strongswan-mod-xauth-eap - 5.9.11-1 - StrongSwan EAP XAuth backend plugin
strongswan-mod-xauth-generic - 5.9.11-1 - StrongSwan generic XAuth backend plugin
strongswan-mod-xcbc - 5.9.11-1 - StrongSwan xcbc crypto plugin
strongswan-pki - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains the pki tool.
strongswan-swanctl - 5.9.11-1 - StrongSwan is an OpenSource IPsec implementation for the Linux operating system. This package contains the swanctl utility.
7

ALSO packages description removed from Openwrt website. Although worked perfectly in 22.03.

Package descriptions are auto-generated from stable repo contents, so if a package is broken for a prolonged period of time, the description will vanish.

ALSO excluded from 22.05 release.

All 22.03 point releases share the same repos, so if the package fails to build, it will retroactively vanish.

AND seems it's someone's decision, so "fixing" it by a "community" would not be possible - packages will disappear again.

This wasn't a deliberate decision. Apparently an unrelated wolfssl update or change broke the build and the maintainer didn't notice or care to fix it. Or a relevant fix was not backported. Strongswan is maintained in the community feed so it might receive less care than core packages (especially in older branches)

6 Likes
8

1
11140×483 16.7 KB

  1. TNX 4 explanation about how it works, got it.

  2. Is there any way to get also disappeared packages for older releases and archs? (except compiling all myself)

9

Nss-utils + i386 = Illegal instruction - and simple libreswan compilation makes it kinda broken too... at least on i386.

10

Unfortunately I currently cannot even reproduce the build issue using the 22.03 SDK, so the issue most likely is not intentional at all and the maintainer might not even have noticed.

11

AND ALSO - it there any way to "export" .ipk (or in any other form) already installed packages?

12

You can set up your own private mirror, yes

13

To have a local mirror you need initial packages to be downloaded (and not installed) first.
My question was if I can get a package if it is already installed on the router. (reverse operation)

14

You can't.

15

Fix pushed with https://github.com/openwrt/packages/commit/7b6f573fed038e5457c05e9d108ce131eeb74d23, the package should reappear within the next few days.

8 Likes