[strongSwan] executing updown script when IKE is created and deleted

Tobias Brunner tobias at strongswan.org
Fri Aug 18 10:40:19 CEST 2017


> Is there anything way to execute external script when IKE is created and
> deleted ?

The updown script is/was intended to install firewall rules that go with
the IPsec SAs so the script is tied to the lifecycle of CHILD_SAs (but
is not called when CHILD_SAs are rekeyed as the original information
usually doesn't change).

For more options, have a look at the events exposed via VICI [1] (look
for "Server-issued events" in README.md), or write a custom plugin.


[1] https://wiki.strongswan.org/projects/strongswan/wiki/Vici

More information about the Users mailing list