[strongSwan] plugins, default enabled or not

Cindy Moore ctmoore at cs.ucsd.edu
Wed Dec 10 22:14:33 CET 2014


The kittens are safe!

On Wed, Dec 10, 2014 at 1:06 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Cindy,
>
> Under the assumption that all your program code regarding strongSwan comes from the repo,
> the answer is yes. Do not mix parts from the repo and self compiled stuff. Bad things might happen
> and kittens could be killed.
>
> Mit freundlichen Grüßen/Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 10.12.2014 um 22:07 schrieb Cindy Moore:
>> That part I understand.  The part I *don't* understand is what
>> installing extra modules from Ubuntu's 14.04 repository does.
>>
>> Does that mean I can then make use of those plugins (and then
>> configure them via the snippets in strongswan.d/charon/ ) ?
>>
>> In other words, is
>> apt-get install strongswan strongswan-plugin-ldap strongswan-plugin-xauth-noauth
>>
>> equivalent to
>> ./configure ... --enable-xauth-pam --enable-xauth-noauth
>> make
>> make install
>>
>> (leaving aside the strongswan version of course)
>>
>> On Wed, Dec 10, 2014 at 12:50 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>>
>> Hello Cindy,
>>
>> What do you mean with 'Enable those two options'? Are you referring to
>> the files in '/etc/strongswan.d/'? Those packets just provide the plugins.
>> Those do not enable them. If you use modular loading[1] and not a custom
>> 'charon.load' [2], you need to enable the modules in their respective configuration
>> file in '/etc/strongswan.d/' to make them get loaded. If you do not use modular loading [1]
>> and do not use a custom 'charon.load' [2] line, the plugins get loaded automaticly.
>> If you do not use modular loading [1] and use a custom 'charon.load' line, you need
>> to add those plugins to the 'charon.load' line, if they are not already included in it.
>>
>> The plugin list [3], as described by the table header, describes what plugins are
>> enabled by default ('x' in the column with title 'E') in the configuration script and
>> hence are built by default if you don't disable them,
>> what plugins are stable ('s' in the column with title 'S'), what plugins are in developement ('d'
>> in the column with title 'S') and what plugins are experimental ('e' in the column with title 'S').
>>
>> The configuration script in the sources configure the sources to build all the executables, documentation and
>> shared objects (libraries) that you want. The configuration in '/etc/strongswan.d/' and '/etc/strongswan.conf'
>> offer to option to basicly enable, disable and configure the plugins after you already installed strongSwan.
>>
>> I hope this helped.
>>
>> [1] Have charon.load_modular not set or set to 'no' in '/etc/strongswan.conf'
>> [2] The 'charon.load' line is configured in '/etc/strongswan.conf' and contains the
>>      plugins that are to be loaded by charon.
>> [3] https://wiki.strongswan.org/projects/strongswan/wiki/PluginList
>>
>> Mit freundlichen Grüßen/Regards,
>> Noel Kuntze
>>
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>
>> Am 10.12.2014 um 21:39 schrieb Cindy Moore:
>> >>> So I'm a little confused.  I know that there's a list of automatically
>> >>> enabled options and so on, as detailed here
>> >>> https://wiki.strongswan.org/projects/strongswan/wiki/PluginList
>> >>>
>> >>>
>> >>> On ubuntu, the following
>> >>> apt-get install strongswan strongswan-plugin-ldap strongswan-plugin-xauth-noauth
>> >>>
>> >>> would still not enable those two options (that are listed only as s
>> >>> for stable, but not E for default enabled)?  Then why even offer
>> >>> those?  What am I missing here?
>> >>> _______________________________________________
>> >>> Users mailing list
>> >>> Users at lists.strongswan.org
>> >>> https://lists.strongswan.org/mailman/listinfo/users
>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.strongswan.org
>>> https://lists.strongswan.org/mailman/listinfo/users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJUiLXMAAoJEDg5KY9j7GZY/ToP/RJjuSoOUhaSYqJCMAlD496u
> dyQNVfqTvruTeBirgRWda685i36ylIQxCgYg40kkCcsvWayawzkn+VvvuddH9bCJ
> 6ESa1QiOGfmMw4DihaI1ZBtpi4OiQwmi9rMdZy5PrwU/LENgPDNICGJOLfeCAeAL
> 3ZUxObLcl7jV944MYfCRHeJen63IZd7b6Bvx1XyNpnKpXGQYg6ImRGACoev55WsQ
> k3uxV5ulNHuto9LW0wBzx6VkWl+1NFTn1W+8Bo9mGV3L5ye1BSl5C6AxMdtpnKF5
> E5qHEdtWGczr3oh3F0jwjmwaSrtu7fpDZW4odG879Q9XWZp/l/ZBfv8tXWEybdRc
> x9N3Ux+ZCHiNnzJk0heqZJpurZHV0AVuMB/n9/C8kWnzXj+cJWDqPiV+k32XYELv
> VPuHsmwIstSYFUFZ/8jpFEZ1D5RIhv6oEi7+71iqBJmkGqLU8UlniqbBD8xCw9hn
> jMlYzdB5fJwiUcc84ais5/i/KMaq/PRJgKs4xLKI3XUVwNYM+HR6XdOghrhBUyAO
> nsCM89PP5s3dGznN86V4dbEX453Qu5fOsGhXjdxf9260Aodfl99Q4hZCEZOsJ3Dt
> ZJ/5he/CKx/EQo8G/QbEs4F4o2ehMliTomSWy3h6QMtIG29UU17SdqNoe3UyuY+1
> rgvf8mqesyq8lwORB8Pn
> =nobo
> -----END PGP SIGNATURE-----
>


More information about the Users mailing list