[strongSwan] ipsec_starter strikes charon for pluto's misdeeds
Jan Engelhardt
jengelh at medozas.de
Fri Sep 3 13:53:53 CEST 2010
On Friday 2010-09-03 10:41, Tobias Brunner wrote:
>> #config setup
>> #nothing here
>
>Just define
>
>config setup
> plutostart=no
>
>and you should be fine.
Well, yes and no. In openSUSE 11.3, strongswan is split into
strongswan-ikev1, strongswan-ikev2, strongswan-ipsec (holds
ipsec.conf) and strongswan (dummy package holding a requires for -ikev1,
-ikev2, -ipsec). ipsec.conf has been tuned to read
include /etc/ipsec.*.conf
So that our in-house VPN configuration package(s) that provide
/etc/ipsec.company.conf can be easily installed on top. As
/etc/ipsec.company.conf contains
keyexchange=ikev2
company-vpn.noarch.rpm technically only needs a Require on ikev2.-- And
placing plutostart=no anywhere may not work well with
othervpn.noarch.rpm. :)
More information about the Users
mailing list