[strongSwan] 10[CFG] trap not found, unable to acquire reqid 10 and vici query

Tobias Brunner tobias at strongswan.org
Thu Jul 23 19:20:08 CEST 2015


> Since I am using this in a dynamic environment it is necessary for
> me to add policies manually.

While a traffic selector based on the triggering packet is also sent to
the peer, this might not work that well.  The daemon does not learn the
policies you install manually, so you probably still have to load them
using left|rightsubnet in auto=route configs.  But you can add/remote
configs dynamically and use `ipsec update` to notify the daemon (this
also works with installpolicy=yes, of course - and similarly via VICI).

> So variables such as 'keylifetime' need to be added for each conn. I
> assumed there may be a way to define some parameters such as 'rekey'
> margin for all connections.

No, that has to be added for all connections (it's actually the same for
ipsec.conf, there the parser just "adds" the options in %default to all
other conn sections - the daemon always sees the complete config).

Regards,
Tobias



More information about the Users mailing list