On Friday 2010-09-03 15:28, Gerd v. Egidy wrote: > >> Well, yes and no. In openSUSE 11.3, strongswan is split into >> strongswan-ikev1, strongswan-ikev2, strongswan-ipsec (holds >> ipsec.conf) and strongswan (dummy package holding a requires for -ikev1, >> -ikev2, -ipsec). > >Splitting strongswan like this is what I would consider as good practice for >any distribution. > >> ipsec.conf has been tuned to read >> >> include /etc/ipsec.*.conf > >Is that the default for the SUSE packages?
No it is not the SUSE default. It is a modification of mine -- following the recommendation of ipsec.conf(5)! >I think it would be better to use something like > >include /etc/ipsec.d/*.conf Tell that strongswan ;-) >> And >> placing plutostart=no anywhere may not work well with >> othervpn.noarch.rpm. :) > >Sorry, I don't understand that part. What is othervpn.noarch.rpm for? Well, assume there is one RPM package for each VPN setup. One cannot know in advance that there will be no IKEv1 package installed in the future, so using plutostart=no won't work. _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users