<div dir="ltr">Hi Noel,<div>Thanks for your reply but I am not sure I completely understood your answer.</div><div><br></div><div>While waiting for a reply to my question, I tried this though:</div><div><br></div><div>1) Downloaded strongswan-starter deb file. Unpacked it.</div><div>2) Changed IPSEC_PIDDIR in usr/sbin/ipsec file to point to /etc/ipsec.d/run (rather than /var/run) </div><div>3) Re-built the deb file</div><div>4) Installed this new deb file on my ubuntu 14.04 host</div><div>5) Now ipsec binary does report piddir to be the changed location:</div><div><br></div><div>a@strongswan3:~$ sudo ip netns exec blue ipsec --piddir<br></div><div><div>/etc/ipsec.d/run</div></div><div><br></div><div>But charon seems to still think the piddir is /var/run and hence wouldn't start the second instance.</div><div><br></div><div><div>a@strongswan3:~$ sudo ip netns exec red ipsec start</div><div>Starting strongSwan 5.1.2 IPsec [starter]...</div><div>charon is already running (/var/run/charon.pid exists) -- skipping daemon start</div><div>starter is already running (/var/run/starter.charon.pid exists) -- no fork done</div></div><div><br></div><div>So obviously charon is getting its piddir from somewhere else. I am looking for source code to modify such that charon's piddir is not hardcoded to /var/run (as it currently seems to be). I'd like to make it modifiable via either a command line, conf file or some other similar way. Perhaps I may be okay to even hardcode it in my private .deb file to be /etc/ipsec.d/run rather than /var/run.</div><div><br></div><div>Is there any pointer to achieving this? 
Requiring install from source code and modifying ./configure options to change piddir is just a no-go for me unfortunately.</div><div><br></div><div>Thank you.</div><div>Piyush</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 26, 2017 at 11:23 AM, Noel Kuntze <span dir="ltr">&lt;<a href="mailto:noel.kuntze@thermi.consulting" target="_blank">noel.kuntze@thermi.consulting</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You can't do that when you start charon using "ipsec" (which implicitly calls "ipsec starter").<br>
You can do it with charon-systemd, though (but then you need to start it using systemd and you get a similar problem).<br>
<span class=""><br>
On 26.04.2017 20:11, Piyush Agarwal wrote:<br>
> Hi,<br>
> I need to run multiple ipsec charon daemons in multiple mininet namespaces (perhaps some semantics change from ip namespaces).<br>
><br>
</span>> Sure enough, on following steps from <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Netns" rel="noreferrer" target="_blank">https://wiki.strongswan.org/<wbr>projects/strongswan/wiki/Netns</a> (including piddir change), I could get multiple charon daemons running with *ip network namespaces*.<br>
<span class="">><br>
> I am not trying to achieve two things:<br>
> 1) Run multiple charon daemons with mininet namespaces<br>
> 2) Be able to do so without requiring piddir configuration option change.<br>
><br>
> Regarding (1): I am not sure if mininet namespaces provide for bind mounting anything /etc/netns/&lt;namespace name&gt;/ to /etc/ for the process running in that network namespace -- if it doesn't, I will bind mount manually before starting charon/ipsec. So this should be okay.<br>
><br>
> But, I am trying to find how I can do away with the piddir configuration change and make it work directly from the deb file install. Is there no way to achieve this? No environment variable that can be set?<br>
><br>
> Appreciate any comments/directions/pointers.<br>
><br>
> Thank you.<br>
> Piyush<br>
><br>
><br>
> --<br>
> Piyush Agarwal<br>
> Life can only be understood backwards; but it must be lived forwards.<br>
><br>
><br>
</span>> ______________________________<wbr>_________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
> <a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/<wbr>mailman/listinfo/users</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Noel Kuntze<br>
IT security consultant<br>
<br>
GPG Key ID: 0x0739AD6C<br>
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C<br>
<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><span style="font-size:12.8px">Piyush Agarwal</span><br></div><div><span style="color:rgb(17,17,17)"><font face="arial, helvetica, sans-serif" size="2">Life can only be understood backwards; but it must be lived forwards.</font></span><br></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>