[strongSwan] Using just charon

Andreas Steffen andreas.steffen at strongswan.org
Sat Jul 18 12:26:22 CEST 2015


Hi Ahmad,

no, just start charon itself:

  /usr/libexec/ipsec/charon &

If you have an Ubuntu or Debian platform you can use the attached
/etc/init.d/charon runlevel script and start and stop the daemon
with

  sudo service charon start

  sudo service charon stop

If you have Fedora or some other OS supporting systemd then you
can use the charon-systemd daemon variant.

Best regards

Andreas

On 07/18/2015 12:12 PM, Mohammad Ahmad wrote:
> Hey Andreas,
> 
> Thank you for the response. Quick followup, I need to run 'ipsec start'
> with the sample configuration file you have shared to start charon in
> the background?
> 
> I apologize for asking very basic questions. I'm just getting started
> with strongswan.
> 
> 
> On Sat, Jul 18, 2015, 2:46 AM Andreas Steffen
> <andreas.steffen at strongswan.org>
> wrote:
> 
>     Hi Ahmad,
> 
>     if you intend to use the vici plugin then you need neither
>     starter nor stroke. Just start the charon daemon in the
>     background. The minimum of plugins you need are e.g.
> 
>     https://www.strongswan.org/uml/testresults/swanctl/rw-cert/moon.strongswan.conf
> 
>     Best regards
> 
>     Andreas
> 
>     On 07/18/2015 04:26 AM, Mohammad Ahmad wrote:
>     > Hi,
>     >
>     > I want to run charon and plan to speak to it using a vici plugin I am
>     > developing.
>     > With racoon, I run racoon -f /path/to/config but with charon, I see a
>     > number of tools that can be used to achieve this, stroke, starter,
>     > ipsec but am unsure which one will require the minimum number of
>     > packages to be installed (I want to keep that to a minimum).
>     >
>     > More information
>     > I will be adding the ipsec policies manually and am using ipsec in
>     > tunnel mode. I have two sites behind each of which is a subnet.
>     >
>     > Looking forward to hearing from you guys.
>     >
>     > Ahmad
> 
>     ======================================================================
>     Andreas Steffen                         andreas.steffen at strongswan.org
>     strongSwan - the Open Source VPN Solution!          www.strongswan.org
>     Institute for Internet Technologies and Applications
>     University of Applied Sciences Rapperswil
>     CH-8640 Rapperswil (Switzerland)
>     ===========================================================[ITA-HSR]==
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
#! /bin/sh
### BEGIN INIT INFO
# Provides:          charon 
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: strongSwan charon IKE daemon 
# Description:       with swanctl the strongSwan charon daemon must be
#                    running in the background
### END INIT INFO

# Author: Andreas Steffen <andreas.steffen at strongswan.org>
#
# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="strongSwan charon IKE daemon"
NAME=charon
DAEMON=/usr/libexec/ipsec/$NAME
DAEMON_ARGS=""
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/charon

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started
	start-stop-daemon --start --quiet --background --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
		|| return 1
	# DAEMON_ARGS is left unquoted on purpose so that it splits into words
	start-stop-daemon --start --quiet --background --pidfile "$PIDFILE" --exec "$DAEMON" -- \
		$DAEMON_ARGS \
		|| return 2
	# Add code here, if necessary, that waits for the process to be ready
	# to handle requests from services started subsequently which depend
	# on this one.  As a last resort, sleep for some time.
}

#
# Function that stops the daemon/service
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --name "$NAME"
	RETVAL="$?"
	[ "$RETVAL" = 2 ] && return 2
	# Wait for children to finish too if this is a daemon that forks
	# and if the daemon is only ever run from this initscript.
	# If the above conditions are not satisfied then add some other code
	# that waits for the process to drop all resources that could be
	# needed by services started subsequently.  A last resort is to
	# sleep for some time.
	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$DAEMON"
	[ "$?" = 2 ] && return 2
	# Many daemons don't delete their pidfiles when they exit.
	rm -f "$PIDFILE"
	return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
	#
	# If the daemon can reload its configuration without
	# restarting (for example, when it is sent a SIGHUP),
	# then implement that here.
	#
	start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE" --name "$NAME"
	return 0
}

case "$1" in
  start)
	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  stop)
	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  status)
	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
	;;
  #reload|force-reload)
	#
	# If do_reload() is not implemented then leave this commented out
	# and leave 'force-reload' as an alias for 'restart'.
	#
	#log_daemon_msg "Reloading $DESC" "$NAME"
	#do_reload
	#log_end_msg $?
	#;;
  restart|force-reload)
	#
	# If the "reload" option is implemented then remove the
	# 'force-reload' alias
	#
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
		# Failed to stop
		log_end_msg 1
		;;
	esac
	;;
  *)
	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
	exit 3
	;;
esac

:
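
The do_start function in the attached script leaves its wait-for-readiness step as a comment. For a vici client, one way to fill it in is to wait for the vici socket to appear and confirm it is not accessible to other users. This is an added example, not part of the attachment; it assumes the vici plugin's default socket path /var/run/charon.vici and GNU stat, and the function names are hypothetical.

```sh
# Assumption: default vici socket path; it can be changed with the
# charon.plugins.vici.socket option in strongswan.conf.
VICI_SOCKET=${VICI_SOCKET:-/var/run/charon.vici}

# mode_is_private MODE
# Return
#   0 if the octal permission string (e.g. 770) grants nothing to "other"
#   1 if "other" has any access
#   2 if MODE is not an octal string
# Anyone who can open the vici socket can control the IKE daemon.
mode_is_private()
{
	case "$1" in
		""|*[!0-7]*) return 2 ;;
		*0) return 0 ;;
		*) return 1 ;;
	esac
}

# wait_for_vici [SOCKET] [TIMEOUT_SECONDS]
# Return
#   0 if the socket exists and is not accessible to "other"
#   1 if no socket appeared at that path within the timeout
#   2 if the socket exists but its mode could not be read or is too open
wait_for_vici()
{
	sock=${1:-$VICI_SOCKET}
	left=${2:-10}
	while [ ! -S "$sock" ]; do
		[ "$left" -gt 0 ] || return 1
		sleep 1
		left=$((left - 1))
	done
	mode=$(stat -c %a "$sock") || return 2   # GNU stat: octal mode
	mode_is_private "$mode" || return 2
	return 0
}
```

Called at the end of do_start, a non-zero result can be mapped to that function's "could not be started" return code so that services depending on charon do not start against a missing or exposed control socket.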