[strongSwan] migration from StrongSwan 5.1.2 to 5.3.2

Noel Kuntze noel at familie-kuntze.de
Thu Sep 3 21:14:49 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Charlie,

Am 03.09.2015 um 01:32 schrieb Li, Charlie:
>
> Hi Team,
>
> 
>
> I have been using StrongSwan 5.1.2 (in Ubuntu 14.04) for a while. Attached are the ipsec.confand ipsec.secretsfiles used for my tests. Basically PSK = ipsecis used for all connections.
>
> 
>
> But when I use the same ipsec.confand ipsec.secretsfiles with StrongSwan 5.3.2 (in Fedora 22), it does not work.
>
> 
>
> Looks like with 5.3.2, ipsec.secretsfile is not used anymore, instead swanctl.confis introduced.
>
> 
>
> Appreciate if someone can show me how to migrate to 5.3.2.
>
> 
>
> Thanks,
>
> Charlie
>

Nope.
strongSwan still supports ipsec.conf. swanctl.conf is just an additonal configuration file, which you /can/ use instead of ipsec.conf. The format
is much nicer than the one ipsec.conf uses and it is loaded over vici socket, which is much better to handle as an API than stroke socket.

Fedora and other RHEL like distros (CentOS, ...) store the strongSwan configuration files in /etc/strongswan/, not in /etc/.
Make sure to adjust the ACLs and SElinux context of the files.

- -- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV6JwnAAoJEDg5KY9j7GZYW3gP/2pKZlcGJYeGDxi0rUv99xkm
99KWqE7fYNihEprhjtYvMca1vWP1pMmbS8WYRerriLfA9afpRrrWZ0LeKty/9Ijj
ple2fiP+rKgnz8pcjeFBCqZCOXbG6cvtiqAXtrL9APwjKwnPMkoRZmXkZEHi1JmO
yGNkZmIHmySVdU8yM+woB0+Akj1tGPFkekvnLPd01aBLal5QjD8BHZwBhYPrEJPS
YM53jtrpc+cfBYWWlu/Rrg2UmVyg14dKyiCc0D/v18swg0Qz1AK1JtgIHcHp5UZU
9jhrzNI7tGCecoFZuSAL4VXwZne0jdO3st1XdLvvSa50pgBj/zD0ACVJ4bEc5mf2
NgPZ4CJCqaH+jxi0PI4bYJOlmqWJGfCMkyh4PjAY69WgDAsAfNS0XYB6vp+WATYJ
ZJNRCRdHuWTt5udAe+gdzCHq76oS7eDsMfzmTHHNFfxHeB8sO0ipT+Mu/Ic554s8
3eqhxXeSCGfmBzQPAKnwPA7bsLXc/zxAYfWBDlNFA/84ZRXOH8VKNZmN1xYwnctG
Ed9GPgoBhUEWIFlJcP7dXp/9ECuWmLwtnyn1e0pD5YP05ys4AyfwgLaRVygkllJL
SxoAaVuxZw/juN8USsrGpNbLkicTeDnvKdL8ddAR2Pn70Q8nWZdDj8hXshgfDffA
OvPXkd6BphJEJkS2bxoV
=ZT2N
-----END PGP SIGNATURE-----



More information about the Users mailing list