[strongSwan] 10[CFG] trap not found, unable to acquire reqid 10 and vici query

Tobias Brunner tobias at strongswan.org
Thu Jul 23 18:06:29 CEST 2015

> I insert policies using ip xfrm and want to use charon to establish SAs.

For this to work you have to use constant reqids for your connections
(via reqid setting - you'll have to use that reqid in your manually
installed policies) and use auto=route so the config is loaded into the
trap manager.  Just using auto=route with installpolicy=yes (and
automatic reqids) is way easier, though, if you don't have any special
requirements that makes manual installation of policies necessary.

> 1. Where can I then define the "default" section of ipsec.conf. Can
> this be done using vici?

No, complete connection definitions have to be loaded via VICI.

> 2. How can I enable vici if I used apt-get on ubuntu to install
> strongswan-ikev1?

Ubuntu deploys some plugins in separate packages, however it doesn't
look like vici (or swanctl for that matter) is packaged.  So you have to
build strongSwan from sources (or build your own package).


More information about the Users mailing list