<div dir="ltr"><div>So is this the information that I should follow from the wiki:<br><br></div>Is it best to use the NetworkManager plugin?<br><div><h2>Configuration Files</h2>
<p>The configuration files used by strongSwan are as follows:</p>
<ul><li><a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecConf" class="">ipsec.conf</a>: provides the configuration of IPsec connections</li><li><a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets" class="">ipsec.secrets</a>: lists the secrets (pre-shared keys, private keys)</li>
<li><a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectory" class="">ipsec.d</a>: stores certificates and private keys</li><li><a href="http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf" class="">strongswan.conf</a>: allows one to configure global settings</li>
</ul>
<div class="" id="section-7" title="Edit this section">Other Configuration Sources
</div><p>The configuration may also be loaded from <a href="http://wiki.strongswan.org/projects/strongswan/wiki/SQL" class="">an SQL database</a> or provided by custom plugins like the one used with<br>the <a href="http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager" class="">NetworkManager plugin</a>.</p>
<div class="" id="section-10" title="Edit this section">Invocation and Maintenance
</div><p>strongSwan is usually controlled with the <a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand" class="">ipsec command</a>. <code>ipsec start</code> will start the <a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecStarter" class="">starter daemon</a> which in turn<br>
starts and configures the keying daemon <a href="http://wiki.strongswan.org/projects/strongswan/wiki/Charon" class="">charon</a>.</p>
<p>Connections defined as <a href="http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection" class="">conn sections in ipsec.conf</a> can be started on three different occasions:</p>
<ul><li><strong>On startup</strong>: Connections configured with <em>auto=start</em> will automatically be established when the daemon is started.</li><li><strong>On traffic</strong>: If <em>auto=route</em> is used, IPsec policies for the configured traffic (<em>left|rightsubnet</em>) will be installed and traffic<br>
matching these policies will trigger events that cause the daemon to establish the connection.</li><li><strong>Manually</strong>: A connection that uses <em>auto=add</em> has to be established manually with <code>ipsec up <name></code>. It is also<br>
possible to use <code>ipsec route <name></code> to install policies manually for such connections.</li></ul>
<p>After an SA has been established <code>ipsec down</code> may be used to tear down the IKE_SA or individual CHILD_SAs.</p>
<p>Whenever the <a href="http://wiki.strongswan.org/projects/strongswan/wiki/Ipsecconf" class="">ipsec.conf</a> file is changed it may be reloaded with <code>ipsec update</code> or <code>ipsec reload</code>. Already established<br>
connections are not affected by these commands, if that is required <code>ipsec restart</code> must be used.</p>
<p>If <a href="http://wiki.strongswan.org/projects/strongswan/wiki/Ipsecsecrets" class="">ipsec.secrets</a> or the files in <a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectory" class="">ipsec.d</a> have been changed the <a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand#Reread-Commands" class="">ipsec reread...</a> commands may be used to reload these files.<br>
End-entity certificates placed in <a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectoryCerts" class="">ipsec.d/certs</a> are not reloaded automatically, instead they are loaded whenever referenced<br>
with <em>left|rightcert</em> in a <a href="http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection" class="">conn section</a>. Using the <a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand#Purge-Commands" class="">ipsec purge...</a> commands may be required in order for the new files to be used.</p>
<p>Using the <a href="http://wiki.strongswan.org/projects/strongswan/wiki/Ipseccommand#List-Commands" class="">ipsec list...</a> commands will provide information about loaded or cached certificates, supported algorithms and<br>
loaded plugins.</p><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 1, 2014 at 11:34 AM, Brian Watson <span dir="ltr"><<a href="mailto:brianwatson999999@gmail.com" target="_blank">brianwatson999999@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi,<br></div> I'm new to StrongSwan and am looking for some good instructions on setting up a VPN between 2 virtual machines running on the same laptop. The wiki pages seem to lay out a lot of different scenarios, but nothing to walk you through the steps necessary to start from scratch. I've downloaded the sw into my Ubuntu machine, but can't find the instructions as to what app to start and what to do next.<br>
<br></div> Any ideas?<br><br></div>Thanks,<br></div> Brian<br></div>
</blockquote></div><br></div>