[strongSwan] Converting ipsec.conf to swanctl.conf

Andreas Steffen andreas.steffen at strongswan.org
Thu Feb 25 19:13:24 CET 2016 

Hi Michael,

the name of <child> can be freely chosen. If you have a single CHILD_SA
then you could name it the same as <conn>. With multiple CHILD_SAs each
SA has a name of its own. As you correctly noticed "leftsubnet" equals
"local_ts" and "rightsubnet" is "remote_ts".

With swanctl you start the CHILD_SA:

   swanctl --inititate --child <child>

but you can terminate the CHILD_SA only:

   swanctl --terminate --child <child>

or the IKE_SA with all dependent CHILD_SAs:

   swanctl --terminate --ike <conn>

Best regards

Andreas

On 25.02.2016 11:45, Michael Lipp wrote:
> Thanks a lot. I admit that I could have found this, if I had thought of
> the "config setup" section as actually NOT being related to connections.
>
> Here's another one:
>
> What does "leftsubnet" in ipsec.conf map to in swantctl.conf?
>
> I think it may be "connections.<conn>.children.<child>.local_ts", but I
> have no idea what value to use for "<child>". The examples use "net",
> but I don't understand where this value comes from. If there were
> several "connections.<conn>.children.<child>" sections with different
> "<child>" values, which one would be used? What's the criterion?
>
>   - Michael
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160225/3f54863c/attachment.bin>

More information about the Users mailing list