[strongSwan] strongswan ikev1 and ikev2 together with different strongswan.conf

Noel Kuntze noel at familie-kuntze.de
Wed Feb 17 17:50:16 CET 2016


> Hi,
>
> thanks for your reply.
> so do you mean that two instances of charon daemon can't be run together to support ikev1 and ikev2 with different strongswan.conf?
> is it possible to change the strongswan and ipsec conf file path during compilation or configure and then we can have them running with different strongswan.conf?
>
>
> thanks !
> Best Regards,
> Deepak
You can run two instances of charon, if you specify different pid files for them (or don't use ipsec starter).
You can change the path to strongswan.conf and ipsec.conf during compilation, afair there are now also settings to
change the path during runtime.

But you don't have any guarantees or safety when running them concurrently. Both of the daemons operate
on UDP ports 500 and 4500, therefore you can only have one running at a time, except if you explicitly use different ports
for IKEv1 and IKEv2, which is against any standardization (and would require even more fancy compile time flags).
They also both operate on the same SAD and SPD. Hence that obviously will not work.
There is no code that ensures interoperability between two concurrent charon daemons. All hands are off.
Weird things will happen and you will have more problems.


-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
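
An added example, not part of the original message or of strongSwan: a pre-flight check for the port conflict described in the reply above. It parses a Linux `/proc/net/udp` table and reports sockets already bound to UDP 500 and 4500. The sample table and all function names are constructed for illustration.

```python
import os

# UDP ports named in the reply: IKE (500) and IKE NAT traversal (4500).
IKE_PORTS = (500, 4500)

# Constructed sample in /proc/net/udp format (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 21873 2 0000000000000000 0
  102: 00000000:1194 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 21874 2 0000000000000000 0
  230: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18011 2 0000000000000000 0
"""


def bound_udp_ports(table_text):
    """Return {port: [socket inode, ...]} for each row of a /proc/net/udp table."""
    ports = {}
    for line in table_text.splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue                              # skip blank or truncated rows
        # local_address is HEXADDR:HEXPORT; rpartition also handles udp6 rows
        port_hex = fields[1].rpartition(":")[2]
        ports.setdefault(int(port_hex, 16), []).append(int(fields[9]))
    return ports


def ike_port_conflicts(table_text):
    """Return the subset of IKE_PORTS that already has a bound socket."""
    bound = bound_udp_ports(table_text)
    return {port: bound[port] for port in IKE_PORTS if port in bound}


def main():
    # Read the live tables on Linux; fall back to the constructed sample elsewhere.
    tables = [p for p in ("/proc/net/udp", "/proc/net/udp6") if os.path.exists(p)]
    text_blocks = [open(p).read() for p in tables] or [SAMPLE_PROC_NET_UDP]
    for text in text_blocks:
        for port, inodes in sorted(ike_port_conflicts(text).items()):
            print(f"UDP {port} already bound (socket inodes {inodes}); "
                  "a second IKE daemon cannot use the standard port")


if __name__ == "__main__":
    main()
```

The inode numbers can be matched against `/proc/<pid>/fd` to see which process owns each socket.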

