[strongSwan] Two questions about swanctl.conf

Tobias Brunner tobias at strongswan.org
Mon May 13 14:18:26 CEST 2019


> Can swanctl ask interactively for the password if not inserted in the conf file?

It does prompt for passwords for private keys if they are not found in
the config.  But it can't load shared secrets that way.

> Does this guide apply to swanctl too? Cause currently I'm root-only
> https://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges

Not directly, but if the daemon doesn't run as root (which e.g. changes
the ownership of the VICI UNIX socket), then this has to be considered
when using swanctl.


More information about the Users mailing list