Package Details: openswan 2.6.50-1

Git Clone URL: (read-only)
Package Base: openswan
Description: Open Source implementation of IPsec for the Linux operating system
Upstream URL:
Licenses: GPL, custom
Conflicts: ipsec-tools
Submitter: Allan
Maintainer: CarstenF
Last Packager: CarstenF
Votes: 140
Popularity: 0.330108
First Submitted: 2009-11-07 14:39
Last Updated: 2018-02-07 15:09

Latest Comments

lineage commented on 2017-03-03 15:59

I've been having trouble with this version (2.6.49) failing to re-key. Connects ok initially but then the tunnel fails when the keylife expires.
xelerance has released a version. I'm now running that and the tunnel seems stable.
You might want to update the package to the new version.

bidulock commented on 2016-09-09 08:10

Note that the package cannot install to the /run directory. Remove the entire $pkgdir/var directory and add the following two lines to the [Service] section of the openswan.service file:


Also, the usr/share/man/man3 directory is empty, remove it in package()

bidulock commented on 2016-09-09 08:07

Note that the update to 2.6.49 commit is still stuck at 2.6.47.

RubenKelevra commented on 2015-10-26 19:59

options=(!makeflags) should be added to the makefile, since setting -j n is very common.

American_Jesus commented on 2015-10-22 23:06

Please revert

Notice from the website:
"If you have downloaded version 2.6.45 or 2.6.44, please revert to version, as 2.6.44 and 2.6.45 have been found to be unstable in certain environments. We are working on a fix."

yochaigal commented on 2015-10-21 20:29

I had to add "-UNSTABLE" to the pkgver call in order to get this to build properly.

ReLaxLex commented on 2015-09-25 13:59

Nice catch BombStrike
I was using -j8, using anything lower than 8 fixes the issue.

Had set MAKEFLAGS="-j8" in /etc/makepkg.conf because 'nproc' returned 8 on my laptop ;-)


BombStrike commented on 2015-09-09 04:56

For those hitting the "fatal error: No such file or directory" error.
Seems like the issue comes from parallel builds on fast CPUs, my guess is that in some rare cases make tries to compile the lexer before bison is done generating it.
Just setting "options=(!makeflags)" in the PKGBUILD should help with those cases.

adambot commented on 2015-08-19 01:54

2.6.44 is released:

dacoit commented on 2015-08-13 13:32

I was able to reproduce the error on gcc-multilib 5.2.0-2 but not on gcc 5.2.0-2 on my x86_64 machine. Not at all sure of the cause.. some kind of bison thing?

ReLaxLex commented on 2015-08-10 06:42


version 2.6.43 fails to build with error:
openswan/src/openswan-2.6.43/lib/libipsecconf/parser.y: warning: 2 shift/reduce conflicts [-Wconflicts-sr]
openswan/src/openswan-2.6.43/lib/libipsecconf/parser.y: warning: 4 reduce/reduce conflicts [-Wconflicts-rr]
openswan/src/openswan-2.6.43/lib/libipsecconf/keywords.c:37:24: fatal error: No such file or directory

Any else seeing this error?
I'm using gcc version 5.2.0 (gcc-multilib 5.2.0-1)


JohRest commented on 2015-01-04 19:33


I'm trying to install openswan from the AUR, but when attempting to deploy the final package via pacman -U I get the following:

Pakete (1) openswan-2.6.42-2

+ deleted some german text with no relevance..

Fehler: Konnte den Vorgang nicht durchführen (In Konflikt stehende Dateien)
openswan: /var/run existiert im Dateisystem

The message says; unable to complete (conflict)
openswan: /var/run is existing in filesystem.

Any hints what to do? The directory indeed does exist... I'm a little bit cautions to simply delete it in order to succeed...

Any advice?

Thanks in advance!


uuwe commented on 2014-11-25 02:50

/usr/lib/openswan/setup is an invalid symlink to /etc/rc.d/ipsec. it's causing some programs that use "ipsec setup" to fail.

here's a patch:

tuxfanou commented on 2014-10-29 14:52

An update is avable from october 21th (2.6.42). Can you update it ?

yan12125 commented on 2014-09-06 14:28

Please separate build commands from package() and put them in build()

msoloi commented on 2013-10-23 10:59

I am trying to add a connection to the ipsec after doing all the configuration in the but I keep getting this message:

connect(pluto_ctl) failed: No such file or directory

If it's looking in the /var/run/pluto it's just an empty directory. What should I do? I can't find any documentation on this anywhere

xjpvictor commented on 2013-08-14 13:03

@caspian Just refer to the README file in the openswan source.

caspian commented on 2013-08-14 09:03

Can anybody please tell me how to enable KLIPS support? I couldn't find any arch related documentation regarding this...

x33a commented on 2013-07-12 06:20

Send a mail to aur-general mailing list, asking them to merge this package with openswan.

xjpvictor commented on 2013-06-16 05:41

@gtmanfred Any benefit of doing so? I mean the ipsec startup script is provided by upstream, so why not using it, easier to maintain.

gtmanfred commented on 2013-06-16 05:06

better systemd service that doesn't require using the old rc.d file from /usr/lib/systemd/scripts

xjpvictor commented on 2013-06-14 16:17

rc.d scripts removed.

@dreur Updated with python2 although I believe upstream should do something to solve it.

Anonymous comment on 2013-06-13 23:23

1) Should depend on python2
2) /usr/lib/openswan/verify should have a she bang point to python2: #!/usr/bin/python2

Thanks :)

Anonymous comment on 2013-06-11 23:38

I would say using "conflict"[1]



fcolista commented on 2013-06-08 15:31

Ok, what's the best way to do it?

Anonymous comment on 2013-06-08 15:27

Flagging it out of date - could you make it clearer to use Openswan instead. Also I am updatig the wiki that is still mentioning this package.

xjpvictor commented on 2013-06-04 12:42

Updated to use /usr/bin

fukawi2 commented on 2013-06-04 01:10

Please update PKGBUILD to install binaries to /usr/bin instead of /usr/sbin in line with recent changes:

fcolista commented on 2013-05-24 18:03

Bah, now actually there's no difference.
Looking at seemst that it hasn't been updated since over a year, i took the package since it was orphan.
Now seems to be alive.
There's no need, then, to use this package.

fauno commented on 2013-05-24 16:56

what's the difference with the "openswan" package?

xjpvictor commented on 2013-04-03 14:17

Dropped and adopted openswan instead.

fcolista commented on 2013-01-18 13:04

Please try this last package.

Severus commented on 2013-01-18 03:09

It doesn't support systemd yet.

fcolista commented on 2012-11-21 21:49

Build correctly. Need test on the road.

dreieck commented on 2012-07-02 15:33

Conflicts with 'ipsec-tools' (file '/etc/rc.d/ipsec'). If openswan's '/etc/rc.d/ipsec' gets renamed, also edit /etc/rc.d/openswan ('openswan.rc.d' in the source tarball) accordingly.

xjpvictor commented on 2012-05-29 07:26

New pkgbuild for version 2.6.38

This version has included a patch to allow android ICS connection which is awesome.

Anonymous comment on 2012-04-12 01:21

pay attention to your comments plz, md5sum is bad though download url worked for me.

Anonymous comment on 2012-03-02 14:14

today on a freshly installed server box (kernel 3.2.8) the compilation did fail unless the package gnupg2 was also installed

xjpvictor commented on 2012-02-26 02:31

The md5 is wrong, it should be e5c948555088df06cfadcfbe6c13adfe
Download url is not working.
Package flex is needed.

slinkygn commented on 2012-02-06 08:06

If that is the case, please add a makedepends=('docbook-xsl') line. (Tested with this modification; builds fine.)

cmb commented on 2012-02-05 01:46

@cambid: Are you active?
This package hasn't been updated in over a year,
and people want to update it.
I'll give you a few days to answer, and if I don't hear anything, I'll orphan

lineage commented on 2012-01-27 22:13

I've just managed to build this package. There are quire a few errors like the one listed by jintian. Having fixed them it builds and version 2.6.32 works with NETKEY on linux version 3.1.9-2-ARCH. By works I mean it connects to an existing system (also openswan, but a different version/platform) using x509 certs.
The fixes are 'lint' issues in openswan so I need to push it back there.

kennytm commented on 2011-11-03 15:46

This package depends on docbook-xsl to build. Otherwise you'll get fail with 'I/O error : Attempt to load network entity'.

Anonymous comment on 2011-09-10 03:43

compilation error: /openswan-2.6.32/programs/showpolicy/showpolicy.c:121:19: error: variable ‘tolen’ set but not used [-Werror=unused-but-set-variable]

intgr commented on 2011-08-25 10:52

cambid, if you can't be bothered to update this package, then please disown it so someone else could do it.

fzerorubigd commented on 2011-08-17 05:08

2.6.35 is compilable to. just change the version and update the md5 array

Anonymous comment on 2011-07-05 14:21

2.6.34 is compilable.

ambala commented on 2011-06-09 09:20

compilation error: /openswan-2.6.32/programs/showpolicy/showpolicy.c:121:19: error: variable ‘tolen’ set but not used [-Werror=unused-but-set-variable]

slot commented on 2010-09-27 09:23

Does not compile here:

compilation error: file /tmp/xmlto-xsl.xMBsHo line 4 element import
xsl:import : unable to load
make[3]: *** [ipsec.conf.5] Fejl 1

fukawi2 commented on 2010-07-29 22:45

Why should they not be added as make-depends? Not everyone installs the 'base-devel' group to be able to use the AUR.

Anonymous comment on 2010-07-29 16:56

do not add flex and bison. it's part of base-devel

fukawi2 commented on 2010-07-15 06:35

And flex too

fukawi2 commented on 2010-07-14 06:24

bison should be a depends too

parky6 commented on 2010-06-24 07:28

You may add docbook-xml and docbook-xsl to dependences, otherwise xml validation fails

Anonymous comment on 2010-05-08 01:20

Compile bombs out:

cc1: warnings being treated as errors
In file included from /tmp/yaourt-tmp-refujee/aur-openswan/openswan/src/openswan-2.6.25/programs/addconn/addconn.c:51:0:
/tmp/yaourt-tmp-refujee/aur-openswan/openswan/src/openswan-2.6.25/include/ipsecconf/confread.h:37:19: error: comparison between ‘enum keyword_string_config_field’ and ‘enum keyword_string_conn_field’