[strongSwan] Using just charon

Ruel, Ryan rruel at akamai.com
Sat Jul 18 13:44:51 CEST 2015 

Anreas,

Are there any limitations to just starting the charon daemon directly (versus using the “ipsec” script)?

/Ryan




On 7/18/15, 6:26 AM, "Andreas Steffen" <andreas.steffen at strongswan.org> wrote:

>Hi Ahmand,
>
>no, just start charon itself:
>
>  /usr/libexec/ipsec/charon &
>
>If you have an Ubuntu or Debian platform you can use the attached
>/etc/init.d/charon runlevel script and start and stop the daemon
>with
>
>  sudo service charon start
>
>  sudo service charon stop
>
>If you have Fedora or some other OS supporting systemd then you
>can use the charon-systemd daemon variant.
>
>Best regards
>
>Andreas
>
>On 07/18/2015 12:12 PM, Mohammad Ahmad wrote:
>> Hey Andreas,
>> 
>> Thank you for response. Quick followup,  I need to run 'ipsec start' 
>> with the sample configuration file you have shared to start charon in
>> the background?
>> 
>> I apologize for asking very basic questions. I'm just getting started
>> with strongswan.
>> 
>> 
>> On Sat, Jul 18, 2015, 2:46 AM Andreas Steffen
>> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
>> wrote:
>> 
>>     Hi Ahmad,
>> 
>>     if you intend to use the vici plugin then you need neither
>>     starter nor stroke. Just start the charon daemon in the
>>     background. The minimum of plugins you need are e.g.
>> 
>>     https://www.strongswan.org/uml/testresults/swanctl/rw-cert/moon.strongswan.conf
>> 
>>     Best regards
>> 
>>     Andreas
>> 
>>     On 07/18/2015 04:26 AM, Mohammad Ahmad wrote:
>>     > Hi,
>>     >
>>     > I want to run charon and plan to speak to it using a vici plugin I am
>>     > developing.
>>     > With racoon, I run racoon -f /path/to/config but with charon, I see a
>>     > number of tools that can be used to achieve this, stroke, starter,
>>     > ipsec but am unsure which one will require the minimum number of
>>     > packages to be installed (I want to keep that to a minimum).
>>     >
>>     > More infomation
>>     > I will be adding the ipsec policies manually and am using ipsec in
>>     > tunnel mode. I have two sites behind each of which is a subnet.
>>     >
>>     > Looking forward to hearing from you guys.
>>     >
>>     > Ahmad
>> 
>>     ======================================================================
>>     Andreas Steffen                       
>>      andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>
>>     strongSwan - the Open Source VPN Solution!         
>>     www.strongswan.org <http://www.strongswan.org>
>>     Institute for Internet Technologies and Applications
>>     University of Applied Sciences Rapperswil
>>     CH-8640 Rapperswil (Switzerland)
>>     ===========================================================[ITA-HSR]==
>> 
>
>-- 
>======================================================================
>Andreas Steffen                         andreas.steffen at strongswan.org
>strongSwan - the Open Source VPN Solution!          www.strongswan.org
>Institute for Internet Technologies and Applications
>University of Applied Sciences Rapperswil
>CH-8640 Rapperswil (Switzerland)
>===========================================================[ITA-HSR]==

More information about the Users mailing list