# Strongswan 4.1.4 ebuild

## Flow__

Hi all,

is there a overlay with an strongswan 4.1.4 ebuild?

Regards

Flow

----------

## Pylon

I just added strongswan-4.1.6 to the official portage-tree.  Feedback is always welcome  :Smile: 

Sorry for the long delay.

----------

## norbert

Please add the ~amd64 keyword to your ebuild. The build and install steps are successfull.

thank you,

norbert

----------

## Karotte

hi

i could use some help with installing the strongswan 4.1.6 package, or better, some after-install-help

emerging works like a charm, doesnt complain about nothing, but after that my so far unresolvable problem starts:

```

 /etc/init.d/ipsec start

 * Service ipsec starting

/usr/sbin/ipsec: unknown IPsec command `_confread' (`ipsec --help' for list)

ipsec_setup: /usr/sbin/ipsec: unknown IPsec command `_realsetup' (`ipsec --help'

 for list)                                                                [ !! ]

 * ERROR:  ipsec failed to start

```

i started searching around, but nothing on the web remotely explained, what to do, and i'm no scripting hacker, but i seems to me, that two commands, _confread and _realsetup don't exist.

thanks for help

----------

## sqls

I am receiving the exact same error.  I just yesterday upgraded from Strongswan 2.8.4 to 4.1.6 using the Gentoo ebuild.  As a work around I am starting and stopping Strongswan with the ipsec command instead of the gentoo init script.  You can just type ipsec start, ipsec stop, or ipsec restart.   ipsec --help would give you all the options.  I have migrated my current configuration fully where it's working with 4.1.6.  Next I am going to try and move to IKEv2.  I have a howto documentation that's becoming rather lengthly on Linux VPN with Strongswan that might be of help as well (link below).  

http://sqls.net/wiki/HOWTO:_Gentoo_Linux_L2TP/IPSEC_VPN_w/_Active_Directory/Radius/X.509_serving_Windows_XP/Vista_Clients

----------

## norbert

The ebuild works in my test enviroment with certificat based authentification, ikev2 and maximum encryption.

```
config setup

        # plutodebug=all

        # crlcheckinterval=600

        # strictcrlpolicy=yes

        # cachecrls=yes

        # nat_traversal=yes

        # charonstart=no

        plutostart=no

# Add connections here.

conn %default

        auto=start

        keyexchange=ikev2

        left=%defaultroute

        # paranoid settings

        ike=aes256-sha2_512-modp8192

        esp=aes256-sha2_256

        dpdaction=hold

```

----------

