strongswan: Invalid dpd_action value 'start' in IPsec swanctl.conf #28583
Description
Package Name
strongswan
Maintainer
OpenWrt Version
24.10.3
OpenWrt Target/Subtarget
x86/64
Steps to reproduce
- Configure an IPsec tunnel
- Set dpdaction to
restart
uci set ipsec.children[-1].dpd_action='restart'
uci commit ipsec
- Restart the tunnel
/etc/init.d/swanctl restart
Expected behavior
The generated configuration /var/swanctl/swanctl.conf should have this value:
dpd_action = restart
Actual Behaviour
The generated configuration /var/swanctl/swanctl.conf has this value instead:
dpd_action = start
According to the official strongSwan swanctl.conf documentation (https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html) , valid values for dpd_action are:
cleartraprestart
The value start is not valid and may cause unexpected behavior or misconfiguration.
Suggested fix
Update the configuration logic to write a valid dpd_action value (restart) instead of start.
root@vm:~# diff -u swanctl /etc/init.d/swanctl
--- swanctl 2025-07-08 12:20:01.083401939 +0200
+++ /etc/init.d/swanctl 2025-07-08 12:20:24.923450986 +0200
@@ -314,7 +314,7 @@
hold)
dpdaction="trap" ;;
restart)
- dpdaction="start" ;;
+ dpdaction="restart" ;;
trap|start)
# already using new syntax
;;
Confirmation Checklist
- The package is maintained in this repository.
- I understand that issues related to the base OpenWrt repository or LuCI repository will be closed.
- I am reporting an issue for OpenWrt, not an unsupported fork.