[strongSwan] migration to charon-systemd
Kamil Jońca
kjonca at o2.pl
Wed Sep 20 11:38:52 CEST 2017
Recently I found that I can use strongSwan as a systemd-integrated
service. I tried to move my config to a swanctl-like file and I have
had partial success.
But I have some questions about how to migrate some things.
--8<---------------cut here---------------start------------->8---
config setup
    strictcrlpolicy=ifuri

ca kaczka
    cacert=/etc/ipsec.d/cacerts/ipsec--kaczka--ca.pem
    auto=add

conn %default
    left=192.168.2.2
    leftsubnet=192.168.2.0/24
    leftid="C = PL, ST = xxx, O = kjonca.kjonca, OU = ipsec, CN = bla.bla"
    leftca="C = PL, ST = xxx, L = yyyy, O = kjonca.kjonca, OU = ipsec, CN = openswan--kjonca.kjonca"
    rightca=%same
    leftcert="alfa.kjonca.5.pem"
    rightdns=192.168.2.2
    right=%any
    compress=yes
    keyexchange=ikev2
    auto=add
    rightsourceip=%dhcp
    #rekey=no

conn w8-kjonca
    also=alfa-server
    rightid="C=PL, ST=xxx, O=kjonca.kjonca, OU=ipsec, CN=w8-kjonca.kjonca"
    rekey=no

conn alfa-server
include /var/lib/strongswan/ipsec.conf.inc
--8<---------------cut here---------------end--------------->8---
1. How to "translate" "rightdns=" to swanctl?
2. How to have a dedicated connection which behaves as "alfa-server" except
for the "rekey" feature?
3. Is it possible to use ids from certificates (as in leftid/leftca)?
4. How to translate "rightca=%same"?
KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
"If I do not return to the pulpit this weekend, millions of people will go
to hell."
-- Jimmy Swaggart, 5/20/88