[strongSwan] swanctl.conf debugging-- fails to load certificates

Stephen Ayotte stephen.ayotte at gmail.com
Thu May 11 18:39:13 CEST 2017


Thanks Tobias!! That did the trick. Specifically I added this to the config
flags:
    --disable-gmp --enable-openssl

In my defense regarding that load statement, I was working from this
example: https://www.strongswan.org/testing/testresults/swanctl/frags-ipv4/

Everything's loading successfully now, and I see the beginning of an IKEv2
negotiation when I ping from one host to the other. Great progress!

> > but the local_addrs/remote_addrs/local_ts/remote_ts +
> > start_action=trap in swanctl.conf looks like it should get the job done.
>
> You can do the same thing with ipsec.conf.


I'm missing how... it seems like all the examples include both a "left" and
a "right", the rvals for which can be IP addresses but not CIDR blocks.

Could you nudge me in the right direction with a keyword or something I can
search / read on to figure out how to do that?

Semi-related observation: there are more examples / richer documentation
for ipsec.conf, including web search results, than for swanctl.conf. All
else being equal, I'd rather be in the mainstream so I can use other
people's known-good configs as a reference point. Is the intent to
eventually deprecate ipsec.conf in favor of swanctl, or is swanctl just an
alternative?