[strongSwan] Two questions about swanctl.conf

xalloc xalloc at protonmail.com
Mon May 13 09:33:42 CEST 2019

1) Is there a "more secure" way to store the per-user psk password in swanctl.conf file?
Reading your swanctl.conf guide https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf#secrets-section

"It is not recommended to define any private key decryption passphrases, as then there is no real security benefit in having encrypted keys. Either store the key unencrypted or enter the keys manually when loading credentials."

Maybe I'm misreading that sentence. I just have the plain password.

2) In the pools section, is there a way to define the default localdomain-search variable?

Thank you

More information about the Users mailing list