[strongSwan] Running multiple charon daemons
f.eleouet at gmail.com
Thu May 23 17:43:56 CEST 2013
Thank you very much for your prompt answer.
2013/5/23 Martin Willi <martin at strongswan.org>
> Hi Francois,
> > Anyway, these variables seem to be hard coded in charon (at ./configure
> > time). As IKEv2 support is really required, I was wondering if I missed
> > something. Is there any way to change these parameters on a per-process
> > basis?
> No, these paths are hard coded, there are currently no runtime options.
> Unix control sockets are set up by the plugin, and it is quite difficult
> to pass command line arguments to them. So instead we probably should
> just add an option for a strongswan.conf, which then may contain custom
> paths for control sockets, pid file etc.
This would be great!
> > Or maybe do you plan to make charon netns aware?
> We had some discussions about integrated netns support, but no,
> currently there are no concrete plans for implementing it (this might
> change if someone is willing to sponsor the development).
I can't figure out how complex that would be, but it may be tricky to
manage several IKE & netkey sockets from a single daemon.
netns context would probably have to be handled in a large part of the
Some other people were talking about that here: http://www.spinics
While investigating using containers to run several daemons, I started
thinking that having one isolated userland process per netns could be better
from a security point of view (but more resource consuming, of course). Any
thoughts on that?
> Kind Regards