[strongSwan] disable generation of myKey.der

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed May 10 09:45:49 CEST 2017


Hellp Piyush,

On 10.05.2017 01:37, Piyush Agarwal wrote:
> Hi,
> I am working with Strongswan 5.1.2 and I want to disable auto-generation of myKey.der and selfCert.der in ipsec.d/private and ipsec.d/certs/ if ipsec.secrets file is missing.
> 
> Unfortunately, in my flow I may want to start ipsec with ipsec.secrets missing; later I generate ipsec.secrets file and then call "ipsec reload" to have the config loaded and tunnel established.
> 
> I couldn't find any configuration option to do this. I hope I don't need a compilation change to make this happen?
> 
> Thanks.

There's no configuration option for this, but that "feature" was taken out in a relatively recent patch. If you upgrade to the newest version of strongSwan,
it will stop to generate it. You would also get all the benefits of a recent version.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170510/04721a35/attachment.sig>


More information about the Users mailing list