Hi,
I need to add and delete StrongSwan tunnels to a machine without user
intervention.
The solution I have come up with is to create a special directory, let's call
it /strongswan, and then put a separate configuration file into /strongswan
for each tunnel. To do this I added an entry

    include /strongswan/*.conf

to /etc/ipsec.conf

Adding a tunnel then consists of writing a new file to /strongswan, and saying

    ipsec update

Removing a tunnel consists of removing its configuration file from /strongswan,
and saying

    ipsec update

Sadly, this does not work. A minor inconvenience is that strongSwan does not
like it if the directory is empty, but that is easily solved with an empty
dummy file. However, it seems that only the first `real' configuration file is
read, and anything beyond that does not work. Also, I had expected that if I
remove a configuration file, its tunnel goes away, but that doesn't seem to be
the case. In fact, some of these tunnels do not go away, no matter what I do,
and only a complete restart of the system helps.
It is quite possible that I'm doing something wrong, but before I start
debugging I would like to ask a few questions: Is this a reasonable way to
accomplish my goal? Is there a better way? Is there perhaps a limitation on the
length of a connection name (so that what I think are two different names is
treated as the same)?
Any help with this would be great.
--
Dr. Ir. Kees van Reeuwijk, Vrije Universiteit Amsterdam
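
The per-tunnel file workflow described in the message above, as a shell script; this is an added example, not part of the original post and not strongSwan project code. The function names, the `CONF_DIR` and `IPSEC` variables and the allowed name characters are assumptions; the script refuses a conn name already declared in the directory and calls `ipsec down` before deleting a file, since the post reports that removing the file alone left the tunnel up.

```shell
#!/bin/sh
# Added example: one file per tunnel in a drop-in directory read via
# "include /strongswan/*.conf". Names below are assumptions, not strongSwan's.
CONF_DIR="${CONF_DIR:-/strongswan}"   # directory named in the post
IPSEC="${IPSEC:-ipsec}"               # overridable for dry runs (assumption)

# The name becomes a file name and a config token: allow a safe set only.
valid_name() { case $1 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac; }

# Print every conn name declared in the drop-in files, one per line.
list_conns() {
    for f in "$CONF_DIR"/*.conf; do
        [ -f "$f" ] || continue       # unmatched glob: directory is empty
        awk '$1 == "conn" && NF >= 2 { print $2 }' "$f"
    done
}

# add_tunnel NAME BODY_FILE: wrap the options in BODY_FILE in "conn NAME".
add_tunnel() {
    name=$1; body=$2
    valid_name "$name" || { echo "invalid tunnel name: $name" >&2; return 2; }
    if list_conns | grep -qx -- "$name"; then
        echo "conn $name is already defined" >&2; return 1
    fi
    # Write under a dot-name the *.conf glob cannot match, then rename, so
    # the daemon never parses a half-written file.
    tmp=$(mktemp "$CONF_DIR/.$name.XXXXXX") || return 3
    { printf 'conn %s\n' "$name"; sed 's/^/    /' "$body"; } > "$tmp"
    mv "$tmp" "$CONF_DIR/$name.conf"
    "$IPSEC" update
}

# remove_tunnel NAME: take the connection down, then drop its file.
remove_tunnel() {
    name=$1
    valid_name "$name" || { echo "invalid tunnel name: $name" >&2; return 2; }
    [ -f "$CONF_DIR/$name.conf" ] || { echo "no such tunnel: $name" >&2; return 1; }
    "$IPSEC" down "$name" || true     # connection may not be established
    rm -f "$CONF_DIR/$name.conf"
    "$IPSEC" update
}

case ${1:-} in
    add)    add_tunnel "$2" "$3" ;;
    remove) remove_tunnel "$2" ;;
esac
```

The duplicate check covers only files in the drop-in directory, not conn sections written directly in /etc/ipsec.conf.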