The description about the implications of the 'non-root' USE-flag were not updated in the strongswan-5.0.0.ebuild. This could lead to people enabling root privileges were this is not necessary anymore.
Charon, in contrast with pluto, handles routing internally and thus no more requires root privileges for that. Pluto did and thus required these elevated privileges. The description (somewhat incorrectly now) states that this is still required.
The cause of all this is the fact that charon has been taught to deal with ikev1 and pluto has been removed. Effectively it's a merge of pluto into charon.
I have attached an untested patch that fixes this (along with other minor cosmetic changes).
Is it an idea to create an /etc/sudoers.d/strongswan file and modify ipsec.conf if non-root is enabled? At first we disable the /etc/sudoers.d/strongswan and provide instructions on how to enable it if elevated privileges are required. Is that an 'allowed/correct idea'?
Created attachment 316867 [details, diff]
Strongswan-5.0.0.ebuild patch correcting the issue (please check!)
This is the first time a created an .ebuild patch. Please check carefully.
Bugzilla says: CC: email@example.com did not match anything