From 70e7235510930aa5d98b1cf0b8b4599ddb9c6b42 Mon Sep 17 00:00:00 2001 From: Bas van Dijk <v.dijk.bas@gmail.com> Date: Fri, 3 Aug 2018 16:06:02 +0200 Subject: [PATCH] nixos/doc: add the new strongswan-swanctl service to the 18.09 release notes --- nixos/doc/manual/release-notes/rl-1809.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 33026c5cbae..62aaec4ac5d 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -81,6 +81,22 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' routing tables for instance. </para> </listitem> + <listitem> + <para> + <varname>services.strongswan-swanctl</varname> + is a modern replacement for <varname>services.strongswan</varname>. + You can use either one of them to setup IPsec VPNs but not both at the same time. + </para> + <para> + <varname>services.strongswan-swanctl</varname> uses the + <link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link> + command which uses the modern + <link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link> + <emphasis>Versatile IKE Configuration Interface</emphasis>. + The deprecated <literal>ipsec</literal> command used in <varname>services.strongswan</varname> is using the legacy + <link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke configuration interface</link>. + </para> + </listitem> </itemizedlist> </section>