With a humongous amount of code added and removed (hundreds of thousands of lines per year) the freedom to study the source code becomes almost moot (too much in one place and changing far too fast)
Summary: StrongSwan on Debian 10 (Buster) is hard; systemd isn't helping, it's mostly getting in the way and as it turns out this is part of a much broader problem introduced by Red Hat's system-wide "D"isruption
"BUSTER" is great! It really is. Well done, Debian team! What a great operating system! Far better than anything which comes out of Microsoft and Apple. I even installed on it all the available desktop environments (bar GNOME). They work. They work very, very well. Polish is noteworthy.
But with claims of perfection no room is left for improvement, so this is going to be a rant. Not about Debian. Not about Red Hat (now IBM), either.
This rant will be focused on one project alone. It's the project one isn't meant to be criticising (without risk of retaliation of some kind). This project probably ~~stole~~ took a lot of my time (hence not many articles in Techrights lately).
First of all, let's be clear that Debian 10 works and I am generally happy with many things about it (almost everything worked perfectly out of the box), but when things don't go smoothly, they can be downright distressing and almost impossible to diagnose/debug/resolve.
I think that the views of Bruce Perens have been clear (when he spoke about it at the end of last year). He focused on reliability aspects. Purely technical aspects.
One thing I've long noticed about systemd is that any system with it takes ages to boot and shut down -- something I've experienced only since systemd was put there by default (the time it takes isn't slightly longer -- we're talking about something like 4 times longer!).
No wonder Chromebooks don't use systemd...
One could go make oneself coffee while rebooting a machine with systemd... and still be back to an almost ready system.
But never mind the coffee breaks. Those take only minutes. When things do not work as expected, they can end up taking hours or days to fix.
Consider StrongSwan. I've already spent about 6 hours on this (net time, putting aside distractions). I finally got to the point where I can either get only to the VPN's internal realm or the 'outside world' (not both). I spoke to the developers about it as the subject is very scarcely documented on the Web; there are hardly any Web pages about it (like a HowTo for StrongSwan on Debian 10).
It's hard to debug. Here's some fun with StrongSwan:
And StrongSwan entries in the log:
Does that say what goes wrong? No. Nowhere.
When using older systems I was at least getting some error message showing somewhere, but systemd is truly disruptive to what one already knows. Debian is not Red Hat, but it adopted a massive piece (blob?) of IBM/Red Hat and now needs to grapple with it.
I never had to spend so much time -- with help from technical networking people -- just to set up something reasonably simple.
Judging by what I see online, not only have other Debian users had similar issues in recent years; those same issues are inherited 'downstream' by recent versions of Ubuntu and its derivatives. I could cite about half a dozen examples. At times you see reports from entire companies that have issues related to this.
At the moment I have something that almost works, but I still lack complete and clear documentation to explain what I've done so far to almost make it work. It has been rather chaotic an experience.
/home/ will soon be conquered by systemd, maybe /var/log/ too (so producing the above will require yet more learning and retraining, maybe coping with new bugs as well).
Whatever one thinks of systemd, it's hard to make or form a fully informed opinion because systemd is vast and it touches almost everything in the system. Maybe it's great and innovative, but the disruption it has caused is very much real and it's hard to believe anyone but Red Hat (now IBM) shareholders will profit from it. Those shareholders probably don't use GNU/Linux themselves, certainly not on their desktops/laptops -- a form factor they almost certainly don't care for as "there's no money on it!" (ask the Linux Foundation how many people in it even use the operating system).
Special gratitude and credit goes out to @thermicorp (who helped me in the process).