[strongSwan] disable generation of myKey.der
noel.kuntze+strongswan-users-ml at thermi.consulting
Wed May 10 09:45:49 CEST 2017
On 10.05.2017 01:37, Piyush Agarwal wrote:
> I am working with Strongswan 5.1.2 and I want to disable auto-generation of myKey.der and selfCert.der in ipsec.d/private and ipsec.d/certs/ if ipsec.secrets file is missing.
> Unfortunately, in my flow I may want to start ipsec with ipsec.secrets missing; later I generate ipsec.secrets file and then call "ipsec reload" to have the config loaded and tunnel established.
> I couldn't find any configuration option to do this. I hope I don't need a compilation change to make this happen?
There's no configuration option for this, but that "feature" was taken out in a relatively recent patch. If you upgrade to the newest version of strongSwan,
it will stop to generate it. You would also get all the benefits of a recent version.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Users