Libreswan on Debian Wheezy

Revision as of 08:03, 12 August 2017 by Antony (talk | contribs)
I am sharing how to compile libreswan 3.21 on Debian Wheezy and the details.

You need 3 workarounds on Wheezy to compile. The workaround for #1 is very
specific to Wheezy (libc < 2.19 and kernel < 3.12). Later distributions
fixed issues #1 and #2. #3 has different workarounds depending on your
libunbound2 version.

1. Debian Wheezy has a conflict between netinet/in.h and linux/in6.h. Commit
07a01d3 in libreswan made it worse. The issue has a long
history. It is partly due to the UAPI ABI being out of sync and partly due to
updating the local copy of xfrm.h in commit 07a01d3 while supporting
nic-offload for Mellanox cards. We could have worked around 07a01d3;
however, it was easy to keep xfrm.h in sync with the kernel UAPI copy 4.12,
which seemed to work in most cases (glibc 2.19+, kernel 3.12+), except on Wheezy!

                -c /home/build/libreswan/programs/pluto/kernel_netlink.c
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
In file included from
/usr/include/linux/in6.h:30:8: error: redefinition of 'struct in6_addr'
In file included from /home/build/libreswan/linux/include/libreswan.h:212:0,
/usr/include/netinet/in.h:198:8: note: originally defined here

dpkg -S linux/in6.h
linux-libc-dev:amd64: /usr/include/linux/in.h

dpkg -S netinet/in.h
libc6-dev:amd64: /usr/include/netinet/in.h

Package: libc6-dev
Source: eglibc
Version: 2.13-38+deb7u10

The local copy
programs/pluto/linux-copy/linux/xfrm.h is updated to Linux kernel 4.12.

Workaround : remove the following line from

#include <linux/in6.h>

More details about this issue:
If you have glibc 2.19+ you may have to flip the two lines in

52 #include "linux/xfrm.h" /* local (if configured) or system copy */
51 #include "libreswan.h" /* before xfrm.h otherwise break on F22 */

Kernel 3.12 and libc-dev 2.19+ have made more effort to fix this issue.

NOTE: on Fedora 22, keep the order in kernel_netlink.c

2. /usr/bin/ld: cannot find -lsystemd
collect2: error: ld returned 1 exit status

This error is with. It is not new in 3.21; it is an old one.
 Package: libsystemd-daemon-dev
 Source: systemd
 Version: 44-11+deb7u5

Workaround: set USE_SYSTEMD_WATCHDOG=false, e.g. in the libreswan src directory
echo "USE_SYSTEMD_WATCHDOG=false" >>

FYI: Debian Stretch seems to have a proper libsystemd-dev.

3. Wheezy libunbound2 (1.4.17) does not support libevent. (NOTE: this is not
a re-compiling issue; you need > 1.5x.)

/home/build/libreswan/lib/libswan/unbound.c:187: undefined reference to
collect2: error: ld returned 1 exit status

apt-cache show libunbound2
Package: libunbound2
Source: unbound
Version: 1.4.17-3+deb7u2

Workaround: set USE_DNSSEC=false, e.g.
echo "USE_DNSSEC=false" >>

If you have a libunbound version lower than 1.5.0, disabling DNSSEC is the only way.
libunbound2 1.5.0 and above should be compiled with --with-libevent.

NOTE: to compile libunbound2 + libevent on Wheezy, your best bet is upstream.
unbound-1.6.0 from jessie-backports has unmet dependencies on Wheezy.
Stretch packages are not downwards compatible.
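
The version conditions behind the three workarounds above can be checked before starting a build. The script below is an added example, not libreswan code; the function names are hypothetical. It assumes the linux-libc-dev package version stands in for the "kernel" version (that package owns the header), and it flags workaround 1 whenever either version is below the combination reported above as working.

```shell
#!/bin/sh
# Added example, not part of libreswan. Function names are hypothetical.

# upstream VERSION: strip Debian epoch and revision ("2.13-38+deb7u10" -> "2.13").
upstream() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# ver_lt A B: succeed when dotted numeric version A is lower than B.
# Missing fields count as 0, so an empty version is lower than anything.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# wheezy_workarounds LIBC6_DEV LINUX_LIBC_DEV LIBSYSTEMD_DEV LIBUNBOUND2
# Arguments are package versions; pass "" for a package that is not installed.
# Prints one line per workaround that applies; the settings lines can be
# appended to the local build settings file.
wheezy_workarounds() {
    libc=$(upstream "$1"); kern=$(upstream "$2"); unbound=$(upstream "$4")
    # 1: a clean build is reported only with glibc 2.19+ and kernel 3.12+.
    if ver_lt "$libc" 2.19 || ver_lt "$kern" 3.12; then
        echo "# 1: expect the linux/in6.h vs netinet/in.h conflict"
    fi
    # 2: without libsystemd-dev the link step cannot find -lsystemd.
    if [ -z "$3" ]; then
        echo "USE_SYSTEMD_WATCHDOG=false"
    fi
    # 3: libunbound missing or below 1.5.0 has no libevent support.
    if ver_lt "$unbound" 1.5.0; then
        echo "USE_DNSSEC=false"
    fi
    return 0
}

# On a build host, feed it from dpkg, for example:
#   q() { dpkg-query -W -f='${Version}' "$1" 2>/dev/null; }
#   wheezy_workarounds "$(q libc6-dev)" "$(q linux-libc-dev)" \
#       "$(q libsystemd-dev)" "$(q libunbound2)"
```

With the Wheezy versions listed above (libc6-dev 2.13-38+deb7u10, libunbound2 1.4.17-3+deb7u2, no libsystemd-dev) all three lines are printed.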

FYI: libunbound2 related bugs and feature requests to support libevent + in
other distributions.

Debian feature requests

RH bugs RHEL 6.10 RHEL 7.4

Libreswan bug report: