[strongSwan-dev] does connection definition via sql work only for IKEv2?

Martin Willi martin at strongswan.org
Fri May 9 13:59:03 CEST 2014


Hi,

Please try to keep the discussion on the list, if possible.

> The stroke command does let me add a connection too, but it does not
> let me specify all the parameters. I wonder why this was removed, when
> the old whack command supported it.

It was not explicitly removed, but the stroke tool used to control the
IKE daemon just doesn't have such functionality. Whack did, but the
interface for the old IKEv1 daemon pluto is completely unrelated to
charon.

> Thank you for pointing to vici and how it can be used. I had a look at
> swanctl and saw that it does let me add one single connection, instead
> it loads all the connections in the swanctl.conf. But I can use this as
> an example for writing my own interface to vici.

No, swanctl currently doesn't provide that, but writing your custom
client using libvici shouldn't be that hard.

> I also wonder if it is also possible to send a stroke msg to the
> charon.ctl domain socket to achieve the same behavior?

Of course, that is what the starter process does (see [1]) after parsing
ipsec.conf. But it's not something I'd recommend, as you don't get
usable feedback over that socket, you'd have to somehow parse the output
stream.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/starter/starterstroke.c



