[strongSwan] ipsec_starter strikes charon for pluto's misdeeds
Gerd v. Egidy
lists at egidy.de
Fri Sep 3 16:16:00 CEST 2010
> >> And
> >> placing plutostart=no anywhere may not work well with
> >> othervpn.noarch.rpm. :)
> >
> >Sorry, I don't understand that part. What is othervpn.noarch.rpm for?
>
> Well, assume there is one RPM package for each VPN setup. One cannot
> know in advance that there will be no IKEv1 package installed in the
> future, so using plutostart=no won't work.
We are using configuration-rpms on some systems too. This is one of the cases
where you have to take extra measures to make it work.
In cases like this we usually have a Makefile which creates all configuration-
dependent files. In your case that would be /etc/ipsec.conf. The Makefile
checks all existing configuration files and sets plutostart=yes|no and
charonstart=yes|no accordingly.
This Makefile is included in a base rpm which is required by all the
configuration rpms. Each configuration rpm then calls make in it's %post
section.
Kind regards,
Gerd
--
Address (better: trap) for people I really don't want to get mail from:
jonas at cactusamerica.com
More information about the Users
mailing list