[strongSwan] 10[CFG] trap not found, unable to acquire reqid 10 and vici query

Mohammad Ahmad mohd.ahmad17 at gmail.com
Tue Aug 4 02:27:16 CEST 2015


I am not able to figure out how to set installpolicy=false through the
vici plugin. There is no installpolicy variable in the child_data_t
struct in vici_config.c although there is a install policy variable in
the libcharon config.

How can I set installpolicy=false? I want to add policies manually.


On Thu, Jul 23, 2015 at 3:08 PM, Mohammad Ahmad <mohd.ahmad17 at gmail.com> wrote:
> Thanks for the help! That solved the problem.
> Now I am moving on to using the vici plugin!
> On Thu, Jul 23, 2015 at 10:20 AM, Tobias Brunner <tobias at strongswan.org> wrote:
>>> Since I am using this in a dynamic environment it is necessary for
>>> me to add policies manually.
>> While a traffic selector based on the triggering packet is also sent to
>> the peer, this might not work that well.  The daemon does not learn the
>> policies you install manually, so you probably still have to load them
>> using left|rightsubnet in auto=route configs.  But you can add/remote
>> configs dynamically and use `ipsec update` to notify the daemon (this
>> also works with installpolicy=yes, of course - and similarly via VICI).
>>> So variables such as 'keylifetime' need to be added for each conn. I
>>> assumed there may be a way to define some parameters such as 'rekey'
>>> margin for all connections.
>> No, that has to be added for all connections (it's actually the same for
>> ipsec.conf, there the parser just "adds" the options in %default to all
>> other conn sections - the daemon always sees the complete config).
>> Regards,
>> Tobias

More information about the Users mailing list