[strongSwan] Running multiple charon daemons

Eleouet Francois f.eleouet at gmail.com
Wed May 22 22:16:57 CEST 2013


I'm actually investigating how to run multiple IPsec daemons within several
network namespaces.

In the OpenStack project (an open source cloud computing platform), we
intend to extend virtual networks to the outside world using IPsec. The current
implementation leverages netns to provide routing (with support of
overlapping IPs) between different projects/customers/virtual networks.

As a consequence, we have to start multiple IPsec daemons (one within each
namespace), so that they bind sockets and set up IPsec SA & SPD in the
right netns. I managed to set up this kind of configuration using pluto, as
the config, pid and control socket file locations can be specified as command
line options (using --ctlbase --ipsecdir --secretsfile --config...)

Anyway, these variables seem to be hard-coded in charon (at ./configure
time). As IKEv2 support is really required, I was wondering if I missed
something. Is there any way to change these parameters on a per-process
basis? Or maybe do you plan to make charon netns-aware?

Thanks in advance,
Francois Eleouet.
