[strongSwan] strongswan.conf dynamic change

Martin Willi martin at strongswan.org
Thu Feb 24 16:57:02 CET 2011

Hi Christophe,

> I was just wondering if charon (or starter) can be made to reload the 
> strongswan.conf file in case it changed.

No, currently not.

> I guess this is complex, since the list of plugins or their 
> configuration may have changed

It is indeed very complex to change many of the configuration options. A
lot of data structures and resources are created depending on
strongswan.conf options. "Updating" would actually mean recreating or
changing these resources while our multi-threaded daemon is using them.

We have introduced, however, some basic support for setting
strongswan.conf options during runtime (see the set_*() methods and
load_files() in libstrongswan/settings.h). I even had some plans to
attach different backends to the settings provider (i.e. read from a
relational database). But all this requires that the consumer rereads
these keys. This is not the case for many of them.

> I condemned to restart charon (ipsec restart)?

Depends on what keys you actually want to update. Rereading
strongswan.conf wouldn't be too difficult. But applying new values might
be, depending on the key that gets changed.


More information about the Users mailing list