[strongSwan] Multiple charon daemons mininet namespaces

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Apr 26 20:23:59 CEST 2017


Hello Piyush,

You can't do that when you start charon using "ipsec" (which implicitely calls "ipsec starter".
You can do it with charon-systemd, though (but then you need to start it using systemd and you get a similiar problem).

Kind regards,
Noel

On 26.04.2017 20:11, Piyush Agarwal wrote:
> Hi,
> I need to run multiple ipsec charon daemons in multiple mininet namespaces (perhaps some semantics change from ip namespaces).
>
> Sure enough, on following steps from https://wiki.strongswan.org/projects/strongswan/wiki/Netns (including piddir change), I could get multiple charon daemons running with*ip network namespaces*.
>
> I am not trying to achieve two things:
> 1) Run multiple charon daemons with mininet namespaces
> 2) Be able to do so without requiring piddir configuration option change.
>
> Regarding (1): I am not sure if mininet namespaces provide for bind mounting anything /etc/netns/<namespace name>/ to /etc/ for the process running in that network namespace -- if it doesn't, I will bind mount manually before starting charon/ipsec. So this should be okay.
>
> But, I am trying to find how I can do away the piddir configuration change and make it work directly from the deb file install. Is there no way to achieve this? No environment variable that can be set?
>
> Appreciate any comments/directions/pointers.
>
> Thank you.
> Piyush
>
>
> -- 
> Piyush Agarwal
> Life can only be understood backwards; but it must be lived forwards.
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-- 
Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170426/066460ab/attachment.sig>


More information about the Users mailing list