[strongSwan] Host to host with certs - where to put own private key?

Kostya Vasilyev kman at fastmail.com
Wed Feb 13 14:03:20 CET 2019


On Wed, Feb 13, 2019, at 3:24 PM, Kostya Vasilyev wrote:
> Tobias,
> On Wed, Feb 13, 2019, at 3:11 PM, Tobias Brunner wrote:
> > Hi Kostya,
> > 
> > > Hmm, there is no strongswan-swanctl service on Debian (buster / testing)...
> > 
> > There is if you install it [1].

Thank you for your help.

I now have my tunnel running from new format config.

> > > systemctl start strongswan
> > 
> > That's the legacy service provided by strongswan-starter (i.e. it starts
> > starter, which parses ipsec.conf etc.).
> > 

Now I'm wondering if it's possible to uninstall this legacy service (which supports ipsec.conf format configuration files).

apt-get remove strongswan-starter

The following packages will be REMOVED:
  strongswan strongswan-charon strongswan-starter

Removing "strongswan" package seems like a bad idea.

Guess I should keep "strongswan" and just remove my "old" (ipsec.conf format) files?

Anything else I can uninstall if I don't need support of "legacy" format files?

-- K

More information about the Users mailing list