[strongSwan] ipsec_starter strikes charon for pluto's misdeeds

Jan Engelhardt jengelh at medozas.de
Fri Sep 3 13:53:53 CEST 2010

On Friday 2010-09-03 10:41, Tobias Brunner wrote:

>> 	#config setup
>> 	#nothing here
>Just define
>config setup
>	plutostart=no
>and you should be fine.

Well, yes and no. In openSUSE 11.3, strongswan is split into
strongswan-ikev1, strongswan-ikev2, strongswan-ipsec (holds 
ipsec.conf) and strongswan (dummy package holding a requires for -ikev1, 
-ikev2, -ipsec). ipsec.conf has been tuned to read

 include /etc/ipsec.*.conf

So that our in-house VPN configuration package(s) that provide 
/etc/ipsec.company.conf can be easily installed on top. As 
/etc/ipsec.company.conf contains


company-vpn.noarch.rpm technically only needs a Require on ikev2.-- And 
placing plutostart=no anywhere may not work well with 
othervpn.noarch.rpm. :)

More information about the Users mailing list