[strongSwan-dev] does connection definition via sql work only for IKEv2?

SM K sacho.polo at gmail.com
Fri May 9 20:06:34 CEST 2014


Hi Martin,

I am sorry that my previous reply was not sent on the list. I must
have hit the reply button instead of reply-all.

I will write my own client using the new VICI interface to allow me to
add one specific connection.

Thank you for pointing me in the right direction.

regards,
sk

On Fri, May 9, 2014 at 4:59 AM, Martin Willi <martin at strongswan.org> wrote:
> Hi,
>
> Please try to keep the discussion on the list, if possible.
>
>> The stroke command does let me add a connection too, but it does not
>> let me specify all the parameters. I wonder why this was removed, when
>> the old whack command supported it.
>
> It was not explicitly removed, but the stroke tool used to control the
> IKE daemon just doesn't have such functionality. Whack did, but the
> interface for the old IKEv1 daemon pluto is completely unrelated to
> charon.
>
>> Thank you for pointing to vici and how it can be used. I had a look at
>> swanctl and saw that it does let me add one single connection, instead
>> it loads all the connections in the swanctl.conf. But I can use this as
>> an example for writing my own interface to vici.
>
> No, swanctl currently doesn't provide that, but writing your custom
> client using libvici shouldn't be that hard.
>
>> I also wonder if it is also possible to send a stroke msg to the
>> charon.ctl domain socket to achieve the same behavior?
>
> Of course, that is what the starter process does (see [1]) after parsing
> ipsec.conf. But it's not something I'd recommend, as you don't get
> usable feedback over that socket, you'd have to somehow parse the output
> stream.
>
> Regards
> Martin
>
> [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/starter/starterstroke.c
>
>


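As an added example (not code from this thread or from the strongSwan project), the following Python sketch shows what a custom VICI client sends to load one connection: a length-framed `load-conn` request, plus a check of the structured success/failure reply that the stroke socket does not give you. The socket path, the connection name `site-a`, and the addresses and identities are assumptions chosen for illustration; libvici, which Martin suggests, does the same encoding in C.

```python
import socket
import struct

# Packet and element type codes from the VICI protocol description
CMD_REQUEST, CMD_RESPONSE = 0, 1
SECTION_START, SECTION_END, KEY_VALUE, LIST_START, LIST_ITEM, LIST_END = range(1, 7)

def _name(n):                       # names carry an 8-bit length prefix
    return bytes([len(n.encode())]) + n.encode()
def _value(v):                      # values carry a 16-bit big-endian length prefix
    b = str(v).encode()
    return struct.pack("!H", len(b)) + b

def encode_message(d):
    """dict -> section, list -> list, anything else -> key/value."""
    out = b""
    for k, v in d.items():
        if isinstance(v, dict):
            out += bytes([SECTION_START]) + _name(k) + encode_message(v) + bytes([SECTION_END])
        elif isinstance(v, list):
            items = b"".join(bytes([LIST_ITEM]) + _value(i) for i in v)
            out += bytes([LIST_START]) + _name(k) + items + bytes([LIST_END])
        else:
            out += bytes([KEY_VALUE]) + _name(k) + _value(v)
    return out

def encode_request(command, msg):
    packet = bytes([CMD_REQUEST]) + _name(command) + encode_message(msg)
    return struct.pack("!I", len(packet)) + packet   # 32-bit length framing

def response_ok(packet):
    """True for a CMD_RESPONSE whose message carries success = yes."""
    return packet[:1] == bytes([CMD_RESPONSE]) and encode_message({"success": "yes"}) in packet[1:]

# Constructed sample: a single IKEv2 connection "site-a" with one child SA.
SAMPLE_CONN = {"site-a": {
    "version": 2,
    "remote_addrs": ["192.0.2.10"],
    "local": {"auth": "pubkey", "id": "gw.example.org"},
    "remote": {"auth": "pubkey", "id": "peer.example.org"},
    "children": {"net": {"remote_ts": ["10.1.0.0/16"]}},
}}

def load_conn(conn=SAMPLE_CONN, path="/var/run/charon.vici"):  # path is an assumption
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(encode_request("load-conn", conn))
        f = s.makefile("rb")
        return response_ok(f.read(struct.unpack("!I", f.read(4))[0]))
```

The VICI socket accepts configuration changes from any process that can open it, so a custom client like this should run only under an account that is meant to control the IKE daemon.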