[strongSwan] strongSwan, swanctl and systemd
Martin Willi
martin at strongswan.org
Mon Jul 14 09:15:42 CEST 2014
Hi Noel,
> The solution for this is to insert an "sd_notify()" after strongSwan
> forked all the worker threads.
We have some definite plans to introduce native systemd support having
status notifications, socket activation and all the other neat stuff
systemd brings. Most likely this will be implemented as dedicated daemon
binary, based on libcharon, but specific for use with systemd. This can
simplify installations a lot when using swanctl as backend.
Not sure yet what will be the best approach, maybe ExecStartPost= or
something works when using sd_notify() to properly update daemon status.
> ExecStart=/usr/bin/swanctl --load-creds
> ExecStart=/usr/bin/swanctl --load-pools
You may experiment with ExecStartPost= and sd_notify() tweaks, maybe it
works. Alternatively, you may just use the new start-scripts hook for
now to invoke swanctl; charon invokes these commands once it has started
up. In strongswan.conf, add something like:
> charon {
> start-scripts {
> swanctl-creds = swanctl --load-creds --noprompt
> swanctl-pools = swanctl --load-pools
> swanctl-conns = swanctl --load-conns
> }
> }
Best regards
Martin
More information about the Users
mailing list