[strongSwan] 10[CFG] trap not found, unable to acquire reqid 10 and vici query
Mohammad Ahmad
mohd.ahmad17 at gmail.com
Fri Jul 24 00:08:06 CEST 2015
Thanks for the help! That solved the problem.
Now I am moving on to using the vici plugin!
On Thu, Jul 23, 2015 at 10:20 AM, Tobias Brunner <tobias at strongswan.org> wrote:
>> Since I am using this in a dynamic environment it is necessary for
>> me to add policies manually.
>
> While a traffic selector based on the triggering packet is also sent to
> the peer, this might not work that well. The daemon does not learn the
> policies you install manually, so you probably still have to load them
> using left|rightsubnet in auto=route configs. But you can add/remote
> configs dynamically and use `ipsec update` to notify the daemon (this
> also works with installpolicy=yes, of course - and similarly via VICI).
>
>> So variables such as 'keylifetime' need to be added for each conn. I
>> assumed there may be a way to define some parameters such as 'rekey'
>> margin for all connections.
>
> No, that has to be added for all connections (it's actually the same for
> ipsec.conf, there the parser just "adds" the options in %default to all
> other conn sections - the daemon always sees the complete config).
>
> Regards,
> Tobias
>
More information about the Users
mailing list