[strongSwan] How to dynamically add and delete tunnels?
Martin Willi
martin at strongswan.org
Fri Oct 21 09:25:37 CEST 2011
Hi,
> Sadly, this does not work. A minor inconvenience is that strongSwan
> does not like it if the directory is empty, but that is easily solved
> with an empty dummy file. However, it seems that only the first `real'
> configuration file is read, and anything beyond that does not work.
> Also, I had expected that if I remove a configuration file, its tunnel
> goes away, but that doesn't seem to be the case.
No, changing configurations don't affect running connections. You'll
have to issue an "ipsec down" if you want to close them.
> Is this a reasonable way to accomplish my goal?
Depending on how much effort you want to put in this solution and what
you'd like to achieve, you might want to consider implementing a
dedicated plugin. Our IKEv2 daemon allows you to plug in the required
functionality you need, there you'll have ultimate control on what's
happening.
Regards
Martin
More information about the Users
mailing list