[strongSwan] ipsec_starter strikes charon for pluto's misdeeds

Gerd v. Egidy lists at egidy.de
Fri Sep 3 16:16:00 CEST 2010

> >> And
> >> placing plutostart=no anywhere may not work well with
> >> othervpn.noarch.rpm. :)
> >
> >Sorry, I don't understand that part. What is othervpn.noarch.rpm for?
> Well, assume there is one RPM package for each VPN setup. One cannot
> know in advance that there will be no IKEv1 package installed in the
> future, so using plutostart=no won't work.

We are using configuration-rpms on some systems too. This is one of the cases 
where you have to take extra measures to make it work.

In cases like this we usually have a Makefile which creates all configuration-
dependent files. In your case that would be /etc/ipsec.conf. The Makefile  
checks all existing configuration files and sets plutostart=yes|no and 
charonstart=yes|no accordingly.

This Makefile is included in a base rpm which is required by all the 
configuration rpms. Each configuration rpm then calls make in it's %post 

Kind regards,


Address (better: trap) for people I really don't want to get mail from:
jonas at cactusamerica.com

More information about the Users mailing list