[strongSwan] disable generation of myKey.der
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Wed May 10 09:45:49 CEST 2017
Hellp Piyush,
On 10.05.2017 01:37, Piyush Agarwal wrote:
> Hi,
> I am working with Strongswan 5.1.2 and I want to disable auto-generation of myKey.der and selfCert.der in ipsec.d/private and ipsec.d/certs/ if ipsec.secrets file is missing.
>
> Unfortunately, in my flow I may want to start ipsec with ipsec.secrets missing; later I generate ipsec.secrets file and then call "ipsec reload" to have the config loaded and tunnel established.
>
> I couldn't find any configuration option to do this. I hope I don't need a compilation change to make this happen?
>
> Thanks.
There's no configuration option for this, but that "feature" was taken out in a relatively recent patch. If you upgrade to the newest version of strongSwan,
it will stop to generate it. You would also get all the benefits of a recent version.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170510/04721a35/attachment.sig>
More information about the Users
mailing list