From 70e7235510930aa5d98b1cf0b8b4599ddb9c6b42 Mon Sep 17 00:00:00 2001
From: Bas van Dijk <v.dijk.bas@gmail.com>
Date: Fri, 3 Aug 2018 16:06:02 +0200
Subject: [PATCH] nixos/doc: add the new strongswan-swanctl service to the
 18.09 release notes

---
 nixos/doc/manual/release-notes/rl-1809.xml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml
index 33026c5cbae..62aaec4ac5d 100644
--- a/nixos/doc/manual/release-notes/rl-1809.xml
+++ b/nixos/doc/manual/release-notes/rl-1809.xml
@@ -81,6 +81,22 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
      routing tables for instance.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      <varname>services.strongswan-swanctl</varname>
+      is a modern replacement for <varname>services.strongswan</varname>.
+      You can use either one of them to setup IPsec VPNs but not both at the same time.
+    </para>
+    <para>
+      <varname>services.strongswan-swanctl</varname> uses the
+      <link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link>
+      command which uses the modern
+      <link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link>
+      <emphasis>Versatile IKE Configuration Interface</emphasis>.
+      The deprecated <literal>ipsec</literal> command used in <varname>services.strongswan</varname> is using the legacy
+      <link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke configuration interface</link>.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>