Package: network-manager-l2tp
Version: 1.20.20-1+b1
Severity: important
When using network-manager-l2tp in combination with strongswan,
since strongswan 6.0.0-1, network-manager-l2tp cannot locate ipsec binary
(/usr/sbin/ipsec) anymore by its current dependencies.
Note the following changes and issues:
Since strongswan 6.0.0-1 [1], "strongswan" metapackage now depends on
"strongswan-swanctl" instead of "strongswan-starter".
[1] (6.0.0-1 accepted in unstable)
https://tracker.debian.org/news/1619835/accepted-strongswan-600-1-source-into-unstable/
/usr/sbin/ipsec is in "strongswan-starter"[2], not in "strongswan-swanctl"[3].
[2] (filelist of "strongswan-starter")
https://packages.debian.org/sid/amd64/strongswan-starter/filelist
[3] (filelist of "strongswan-swanctl")
https://packages.debian.org/sid/amd64/strongswan-swanctl/filelist
network-manager-l2tp attempts to locate /usr/sbin/ipsec [4,5], while depending
on "strongswan" metapackage[6], not depending on "strongswan-starter"
explicitly.
[4] (src/nm-l2tp-service.c line 1982)
https://github.com/nm-l2tp/debian/blob/760b93ea56653e1cf801ce498a855e4e6601a125/src/nm-l2tp-service.c#L1982
[5] (shared/utils.c line 65 )
https://github.com/nm-l2tp/debian/blob/760b93ea56653e1cf801ce498a855e4e6601a125/shared/utils.c#L65
[6] (debian/control line 31 )
https://github.com/nm-l2tp/debian/blob/760b93ea56653e1cf801ce498a855e4e6601a125/debian/control#L31
Although I do not have full context of this package, I suggest fixing
the issue by trying one of these:
1. Explicitly depends on "strongswan-starter" instead of "strongswan"
2. Switch to use "strongswan-swanctl" (although I am not entirely know how
this package does)
Many thanks!
Log snippet of failing VPN connection:
2025-02-23T16:12:50.111027+09:00 debian-20250203 NetworkManager[1237]: <info>
[1740294770.1106]
vpn[0x561c8ecc5690,17d987d5-3bf5-4e44-9eb7-52acbb4ac4d6,"vpn.doubleo.co.kr"]:
starting l2tp
2025-02-23T16:12:50.111141+09:00 debian-20250203 NetworkManager[1237]: <info>
[1740294770.1108] audit: op="connection-activate"
uuid="17d987d5-3bf5-4e44-9eb7-52acbb4ac4d6" name="vpn.doubleo.co.kr" pid=2272
uid=1000 result="success"
2025-02-23T16:12:50.127393+09:00 debian-20250203 nm-l2tp-service[3586]:
nm-l2tp-service (version 1.20.20) starting...
2025-02-23T16:12:50.164248+09:00 debian-20250203 NetworkManager[1237]: <warn>
[1740294770.1640]
vpn[0x561c8ecc5690,17d987d5-3bf5-4e44-9eb7-52acbb4ac4d6,"vpn.doubleo.co.kr"]:
failed to connect: 'Could not find the ipsec binary. Is Libreswan or strongSwan
installed?'
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.15-amd64 (SMP w/22 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages network-manager-l2tp depends on:
ii libc6 2.40-7
ii libglib2.0-0t64 2.83.4-1
ii libnm0 1.50.2-1+b1
ii libnspr4 2:4.36-1
ii libnss3 2:3.108-1
ii libssl3t64 3.4.1-1
ii network-manager 1.50.2-1+b1
ii ppp 2.5.2-1+1
ii strongswan 6.0.0-2
ii xl2tpd 1.3.18-1+b1
network-manager-l2tp recommends no packages.
network-manager-l2tp suggests no packages.
-- no debconf information
