[strongSwan] Using just charon

Noel Kuntze noel at familie-kuntze.de
Sun Jul 19 22:34:25 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Ryan,

ipsec starter loads the configuration into charon using stroke socket.
If you don't use ipsec starter, that doesn't happen, so you need to
load the config manually, using ipsec reload/update.

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 18.07.2015 um 13:44 schrieb Ruel, Ryan:
> Anreas,
>
> Are there any limitations to just starting the charon daemon directly (versus using the “ipsec” script)?
>
> /Ryan
>
>
>
>
> On 7/18/15, 6:26 AM, "Andreas Steffen" <andreas.steffen at strongswan.org> wrote:
>
>> Hi Ahmand,
>>
>> no, just start charon itself:
>>
>>  /usr/libexec/ipsec/charon &
>>
>> If you have an Ubuntu or Debian platform you can use the attached
>> /etc/init.d/charon runlevel script and start and stop the daemon
>> with
>>
>>  sudo service charon start
>>
>>  sudo service charon stop
>>
>> If you have Fedora or some other OS supporting systemd then you
>> can use the charon-systemd daemon variant.
>>
>> Best regards
>>
>> Andreas
>>
>> On 07/18/2015 12:12 PM, Mohammad Ahmad wrote:
>>> Hey Andreas,
>>>
>>> Thank you for response. Quick followup,  I need to run 'ipsec start'
>>> with the sample configuration file you have shared to start charon in
>>> the background?
>>>
>>> I apologize for asking very basic questions. I'm just getting started
>>> with strongswan.
>>>
>>>
>>> On Sat, Jul 18, 2015, 2:46 AM Andreas Steffen
>>> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
>>> wrote:
>>>
>>>     Hi Ahmad,
>>>
>>>     if you intend to use the vici plugin then you need neither
>>>     starter nor stroke. Just start the charon daemon in the
>>>     background. The minimum of plugins you need are e.g.
>>>
>>>     https://www.strongswan.org/uml/testresults/swanctl/rw-cert/moon.strongswan.conf
>>>
>>>     Best regards
>>>
>>>     Andreas
>>>
>>>     On 07/18/2015 04:26 AM, Mohammad Ahmad wrote:
>>>     > Hi,
>>>     >
>>>     > I want to run charon and plan to speak to it using a vici plugin I am
>>>     > developing.
>>>     > With racoon, I run racoon -f /path/to/config but with charon, I see a
>>>     > number of tools that can be used to achieve this, stroke, starter,
>>>     > ipsec but am unsure which one will require the minimum number of
>>>     > packages to be installed (I want to keep that to a minimum).
>>>     >
>>>     > More infomation
>>>     > I will be adding the ipsec policies manually and am using ipsec in
>>>     > tunnel mode. I have two sites behind each of which is a subnet.
>>>     >
>>>     > Looking forward to hearing from you guys.
>>>     >
>>>     > Ahmad
>>>
>>>     ======================================================================
>>>     Andreas Steffen                      
>>>      andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>
>>>     strongSwan - the Open Source VPN Solution!        
>>>     www.strongswan.org <http://www.strongswan.org>
>>>     Institute for Internet Technologies and Applications
>>>     University of Applied Sciences Rapperswil
>>>     CH-8640 Rapperswil (Switzerland)
>>>     ===========================================================[ITA-HSR]==
>>>
>>
>> --
>> ======================================================================
>> Andreas Steffen                         andreas.steffen at strongswan.org
>> strongSwan - the Open Source VPN Solution!          www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVrAnQAAoJEDg5KY9j7GZYVTsP/1AbUfJzwr0M4/P0TiBKCZeW
H00avc4OAQJb4UN4kx+cPvffiekIdLLm/3AWk5MTqMytkpziDZ/EVHsekpXDvnTy
PCbDdDH/5dtn3bCQUTMu3DCsHcnFcORiN0E3juAJn144iE0kuxB4hY4qhLf8OTmt
I3iY6HcSDbgVaiAacK4nGLbsyUWAf0TBaOI80yPNZhRiSr9UHe2Qs9rJzNNWI3a+
D6DPlLODhQeH2f9cKIBiL5GIRzaWxPD48lF8hWdhB3ekajaDUwL+yyuMQ91Hd+8F
qBBvLnZU287KaTObiunrI6Rz4V9vUUDv9xzsxLAXgBbjcK3otf1v/ga1o3byVitH
FOfYkJOIlbViiUT94J3VKwmK6RVQ9Sp2LgNBbB76p0DAhvMYgZFhX51YhXzrIoT0
iHDlZpoaNEuKPY6oe0Ky/UpOv3LgoIVLOLsAbUSI3R6aV5jxMcp+EQRj9wnqED4x
0mBu5EpKLsBBjjGF65hi1LipsHgdmILfrLiTVFZSr/ZmU6NEpPhx4v/6iU4jD9bm
f4u+u1FO+2F4kO3wPIwi+fDd7i6R+5JrzX8EHaADg//TNTlqd4yJimfE+k5mQbBN
ZfMXlEiysIj5j5EHICgxzuUbn5dTrzo04RsPzWl6dmVwhNE1ZceUnNkAsoir1HO+
uzqOE/mJ1NOJW10gKMjn
=Tnhl
-----END PGP SIGNATURE-----

More information about the Users mailing list