[strongSwan] strongswan.conf dynamic change

Christophe Gouault christophe.gouault at 6wind.com
Thu Feb 24 17:09:21 CET 2011


Hi Martin,

Martin Willi wrote:
> Hi Christophe,
>
>   
>> I was just wondering if charon (or starter) can be made to reload the 
>> strongswan.conf file in case it changed.
>>     
>
> No, currently not.
>
>   
>> I guess this is complex, since the list of plugins or their 
>> configuration may have changed
>>     
>
> It is indeed very complex to change many of the configuration options. A
> lot of data structures and resources are created depending on
> strongswan.conf options. "Updating" would actually mean recreating or
> changing these resources while our multi-threaded daemon is using them.
>   
Yes, this confirms my thoughts :)
> We have introduced, however, some basic support for setting
> strongswan.conf options during runtime (see the set_*() methods and
> load_files() in libstrongswan/settings.h). I even had some plans to
> attach different backends to the settings provider (i.e. read from a
> relational database). But all this requires that the consumer rereads
> these keys. This is not the case for many of them.
>
>   
>> Am I condemned to restart charon (ipsec restart)?
>>     
>
> Depends on what keys you actually want to update. Rereading
> strongswan.conf wouldn't be too difficult. But applying new values might
> be, depending on the key that gets changed.
>   
I was thinking of changing the radius server parameters (add/delete a 
server, or change some of its parameters like the shared secret).
> Regards
> Martin
>   
Thanks and Regards,
Christophe.
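
The point made in the thread, that setting a value at runtime only takes effect if the consumer rereads the key, shown as an added C sketch. It is not part of the original messages and not strongSwan code: `store_t`, `consumer_t` and every function name are hypothetical, and the secret values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical one-key settings store; NOT libstrongswan's settings_t. */
typedef struct {
    char value[64];       /* current value of the key */
    unsigned generation;  /* bumped on every runtime change */
} store_t;

/* A consumer that derived private state from the key when it was created. */
typedef struct {
    const store_t *store;
    char value[64];       /* private copy taken from the store */
    unsigned seen;        /* store generation the copy belongs to */
} consumer_t;

static void store_set(store_t *s, const char *v) {
    snprintf(s->value, sizeof(s->value), "%s", v);
    s->generation++;
}

static void consumer_load(consumer_t *c, const store_t *s) {
    c->store = s;
    snprintf(c->value, sizeof(c->value), "%s", s->value);
    c->seen = s->generation;
}

/* Rereading consumer: refreshes its copy when the store has changed.
 * In a multi-threaded daemon this refresh would also need locking. */
static const char *consumer_get_fresh(consumer_t *c) {
    if (c->seen != c->store->generation)
        consumer_load(c, c->store);
    return c->value;
}

/* Returns 1 when a runtime change stays invisible to a consumer that only
 * read the key at startup, yet reaches one that rereads it. */
int stale_after_update(void) {
    store_t store = { "old-secret", 0 };   /* constructed sample values */
    consumer_t startup_only, rereading;
    consumer_load(&startup_only, &store);
    consumer_load(&rereading, &store);
    store_set(&store, "new-secret");
    return strcmp(startup_only.value, "old-secret") == 0 &&
           strcmp(consumer_get_fresh(&rereading), "new-secret") == 0;
}

int main(void) {
    printf("stale after update: %d\n", stale_after_update());
    return 0;
}
```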
