Creating an ad-hoc tunnel with charon-cmd?

reeuwijk reeuwijk at few.vu.nl
Tue Aug 13 17:53:50 CEST 2013


When I saw charon-cmd mentioned in the 5.1.0 announcement, I thought it would solve a long-standing problem I have with strongSwan: how do you create ad-hoc tunnels? That is, given two arbitrary machines from a large pool of machines, how do you create a tunnel between the two? We can assume that strongSwan is installed on the two machines, and that we can get command-line access to the machines, but we cannot list all the machines beforehand.

The problem is that we cannot put the necessary info in the strongswan.conf of the two machines, since we don't know the IP address of the other side at the time the strongSwan daemon starts. I had hoped that charon-cmd would dynamically add and remove entries in strongswan.conf, but that's not how it works. Also, since charon-cmd is not willing to wait for the other side of the connection, one of the sides must have a config file mentioning the other side, but that is impractical in my circumstances.

Have I overlooked something, and is there a way to implement this functionality, or do I have to look elsewhere for this?

Dr. Ir. Kees van Reeuwijk, Vrije Universiteit Amsterdam

