[strongSwan] Dynamic addition/deletion of tunnel configuration in StrongSwan

[Janis Dzerve]

Hi,

I want to create a vpn hub with dynamic config:

- When new tunnel config is added: add a "conn" entry and be ready to
establish a tunnel when initiated by peer.

- When tunnel config is deleted:  delete connection config and break down
any tunnels established associated with the connection.

What are the options to add/delete tunnel configuration while strongswan is
running?
I.e. without breaking existing tunnels while adding/deleting a tunnel
config.

Openswan has "ipsec addconn" and "ipsec auto --delete" commands for this.
By looking at the strongswan docs I found "ipsec update" which I could use
but it does not look very efficient to recreate and reread the ipsec.conf on
each connection add/delete.
Maybe there is a more efficient way to do this so that there is no need to
parse the whole config again and look for changes (which are known in
advance)?

Thank you,
Janis.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110321/099e2a22/attachment.html>