[strongSwan] 10[CFG] trap not found, unable to acquire reqid 10 and vici query

Tue Aug 4 02:38:19 CEST 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Mohammed,

In the past, the strongSwan team accepted
pull requests, if the code formating and style followed
the guidelines[1][2] for contributing and programming and was licensed under
a compatible license.  As I am not a member of the team,
I cannot make a statement about the situation right now.

I advise to read the the guidelines and wait for a response from a member of the team.

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Contributions
[2] https://wiki.strongswan.org/projects/strongswan/wiki/ProgrammingStyle

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 04.08.2015 um 02:33 schrieb Mohammad Ahmad:
> Hi Noel,
>
> Thank you for the quick response. Do you guys accept Pull Requests? I
> would like to add support for setting the installpolicy to VICI.
>
> Ahmad
>
> On Mon, Aug 3, 2015 at 5:28 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>
> Hello Mohammed,
>
> VICI does not seem to provide that function - among others -, unlike ipsec.conf.
> You will need to patch strongswan to make that option setable through VICI.
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 04.08.2015 um 02:27 schrieb Mohammad Ahmad:
> >>> Hi,
> >>>
> >>> I am not able to figure out how to set installpolicy=false through the
> >>> vici plugin. There is no installpolicy variable in the child_data_t
> >>> struct in vici_config.c although there is a install policy variable in
> >>> the libcharon config.
> >>>
> >>> How can I set installpolicy=false? I want to add policies manually.
> >>>
> >>> Ahmad
> >>>
> >>> On Thu, Jul 23, 2015 at 3:08 PM, Mohammad Ahmad <mohd.ahmad17 at gmail.com> wrote:
> >>>> Thanks for the help! That solved the problem.
> >>>>
> >>>> Now I am moving on to using the vici plugin!
> >>>>
> >>>> On Thu, Jul 23, 2015 at 10:20 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> >>>>>> Since I am using this in a dynamic environment it is necessary for
> >>>>>> me to add policies manually.
> >>>>>
> >>>>> While a traffic selector based on the triggering packet is also sent to
> >>>>> the peer, this might not work that well.  The daemon does not learn the
> >>>>> policies you install manually, so you probably still have to load them
> >>>>> using left|rightsubnet in auto=route configs.  But you can add/remote
> >>>>> configs dynamically and use `ipsec update` to notify the daemon (this
> >>>>> also works with installpolicy=yes, of course - and similarly via VICI).
> >>>>>
> >>>>>> So variables such as 'keylifetime' need to be added for each conn. I
> >>>>>> assumed there may be a way to define some parameters such as 'rekey'
> >>>>>> margin for all connections.
> >>>>>
> >>>>> No, that has to be added for all connections (it's actually the same for
> >>>>> ipsec.conf, there the parser just "adds" the options in %default to all
> >>>>> other conn sections - the daemon always sees the complete config).
> >>>>>
> >>>>> Regards,
> >>>>> Tobias
> >>>>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> Users at lists.strongswan.org
> >>> https://lists.strongswan.org/mailman/listinfo/users
>
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVwAl7AAoJEDg5KY9j7GZYbT8P/0YyE/V8bGOj0qxG2kkw/Znu
TdP+lQRISLBDKhKLjLP70N8MIDehLKIIFV20Hm2DO0DUhNMY1cO2O4WnAIwRly3D
Gr4MxbX3pVEr59Dt7YTyDlqZL9CsU9uVCddvdegsqe8KBEpKVfB/fhS09kyTelm7
+GozQ7osC7XDBU5ar+tvSfWMuGi3reEUz1c00UpVPasHwhGW9ANtgd583EDlXT+9
4No5AUNyWZiRN3fTYUTsfEh0FWnB+01w28/l4dEO53crXB/uL/Y7tux44jv02iC/
Q+xEE7r8dxsVsDncDChXa7ZXWK8prjUZBPdImCE1OLsQ4ohFl82FiRPrUMn0NaE2
lW2r1/pvu1PPWDV63puSx/384d+tqQGxOK2lKXIsy7tKv1Fo0nP6X+sKSoy0P/wC
y+hO5+m4gJ7z5FNqaoVOgqVl6DlanRVkV0mCP+2b9OuNFCVk+oBy7wFbibse5U9t
yOZfyGRncxs1RwzP6edSvMuGN1D4+E0eD1aZQsfZPz4ELdwY2r1Wt3A55qELTqiE
vdKyMJGdJ0kScMN5nqD5m+uTXRlvXLARvASfcdyjqd7zWtu9Mnw7CazHczH2a5Kn
BT2DYsTY3FWdSv7ms+zoQ1EPZiSg4DMnP0PHEUBrsMPiMdG5rM2P0mbtGthoN6oY
rYhJ4rV0/DD/AL14afbV
=c93C
-----END PGP SIGNATURE-----