[strongSwan] Where to define default proposals ?

Thu Oct 10 16:50:03 CEST 2019

You also need to proceed as described in the config file you copied this from.
The mentions and the following syntax are not optional.

> conn-defaults {
>      # default settings for all conns (e.g. a cert, or IP pools)
> }
> eap-defaults {
>      # defaults if eap is used (e.g. a remote auth round)
> }
> child-defaults {
>      # defaults for child configs (e.g. traffic selectors)
> }
> connections {
>      conn-a : conn-defaults, eap-defaults {
>           # set/override stuff specific to this connection
>           children {
>                child-a : child-defaults {
>                     # set/override stuff specific to this child
>                }
>           }
>      }
>      conn-b : conn-defaults {
>           # set/override stuff specific to this connection
>           children {
>                child-b : child-defaults {
>                     # set/override stuff specific to this child
>                }
>           }
>      }
>      conn-c : connections.conn-a {
>           # everything is inherited, including everything conn-a
>           # already inherits from the sections it and its
>           # sub-section reference
>      }
> }

Am 10.10.19 um 16:44 schrieb Thomas Rudolph:
> Hi,
> 
>  
> 
> where can I define my own default proposals , using strongswan.conf configure method ?
> 
> Yes I studied https://wiki.strongswan.org/projects/strongswan/wiki/Strongswanconf and tried to use
> 
> conn-defaults {
> 
>      # default settings for all conns (e.g. a cert, or IP pools)
> 
> }
> 
> eap-defaults {
> 
>      # defaults if eap is used (e.g. a remote auth round)
> 
> }
> 
> child-defaults {
> 
>      # defaults for child configs (e.g. traffic selectors)
> 
> }
> 
> Like described there, but no effect at all.
> 
> If I define my proposals in connection and child sections they work as expected, but if I try use conn-defaults, eap-defaults and define proposals in default-sections , they are not used.
> 
>  
> 
> I also wonder where I can change proposals who are used if I use the word „default“ as proposal, or don’t define any proposal at all ?
> 
>  
> 
> Regards,
> 
> Thomas
> 
>  
> 
> . --
> Thomas Rudolph
> Teleconnect GmbH
> Am Lehmberg 54, 01157 Dresden, Germany
> 
> Phone: 		+49 351 4236 214 (Main: - 210)
> E-Mail/Skype: 		rudt at teleconnect.de <mailto:rudt at teleconnect.de>
> 
> 
> 
>  Watch our current video!  <https://www.youtube.com/watch?v=YtFrOo9rzSU>
> 
>  Teleconnect  <https://www.teleconnect.de>  Twitter  <https://twitter.com/Teleconnect_>  Linkedin  <https://www.linkedin.com/company/teleconnect-gmbh/>
> 
> USt.-IdNr. (VAT ID): DE140301522
> Registergericht (Commercial registry): Dresden, HRB 1040
> Geschäftsführer (Managing Director): Dr. Gerald Nürnberger
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Der Inhalt dieser Mail enthält möglicherweise vertrauliche Informationen und ist ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht der richtige Adressat sind, teilen Sie dem Absender bitte den Erhalt der Mail mit und löschen Sie die Mail.
> The content of this mail may contain confidential information and is intended solely for the designated addressee. If you are not the intended addressee, then please inform the sender about the receipt of this mail and delete the mail.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191010/514956b5/attachment-0001.sig>