[strongSwan] ipsec_starter strikes charon for pluto's misdeeds
Jan Engelhardt
jengelh at medozas.de
Fri Sep 3 15:53:34 CEST 2010
On Friday 2010-09-03 15:28, Gerd v. Egidy wrote:
>
>> Well, yes and no. In openSUSE 11.3, strongswan is split into
>> strongswan-ikev1, strongswan-ikev2, strongswan-ipsec (holds
>> ipsec.conf) and strongswan (dummy package holding a requires for -ikev1,
>> -ikev2, -ipsec).
>
>Splitting strongswan like this is what I would consider as good practice for
>any distribution.
>
>> ipsec.conf has been tuned to read
>>
>> include /etc/ipsec.*.conf
>
>Is that the default for the SUSE packages?
No it is not the SUSE default. It is a modification of mine -- following
the recommendation of ipsec.conf(5)!
>I think it would be better to use something like
>
>include /etc/ipsec.d/*.conf
Tell that strongswan ;-)
>> And
>> placing plutostart=no anywhere may not work well with
>> othervpn.noarch.rpm. :)
>
>Sorry, I don't understand that part. What is othervpn.noarch.rpm for?
Well, assume there is one RPM package for each VPN setup. One cannot
know in advance that there will be no IKEv1 package installed in the
future, so using plutostart=no won't work.
More information about the Users
mailing list