[strongSwan] multiple remote_ts with ikev1 file format
Marco Berizzi
pupilla at hotmail.com
Thu Feb 22 13:15:33 CET 2018
Hello everyone,
I would like to finally drop the ipsec.conf and ipsec.secrets
configuration files from my strongswan ipsec gateway.
I have a couple of questions to ask.
I'm running strongswan 5.6.2 on Slackware Linux (still
systemd-free).
On my test bed, ipsec.conf and ipsec.secrets are those shipped
with strongswan: they are both empty.
I'm starting strongswan with the old 'ipsec start', and afterwards I
issue the command 'swanctl -q' to load the configuration
files under /etc/swanctl/conf.d/*
Am I right? Or is there a smarter way to start strongswan without
the old 'ipsec' script?
The second question is about the file format when multiple remote_ts
need to be defined when ikev1 must be used.
Here is my example:
children {
    net-0ab10000 {
        local_ts = 10.139.10.0/23
        remote_ts = 10.177.0.0/16
        rekey_time = 8h
        start_action = trap
        esp_proposals = aes128-sha1-modp1024,aes256-sha1-modp1024
    }
    net-0ab40000 {
        local_ts = 10.139.10.0/23
        remote_ts = 10.180.0.0/16
        rekey_time = 8h
        start_action = trap
        esp_proposals = aes128-sha1-modp1024,aes256-sha1-modp1024
    }
}
Is there a way to not write in every section the parameters
common to all the children sections (rekey_time, esp_proposals...)?
Thanks in advance