Client side configuration?
- For example, with
ipsec up name of the connection. (Yes, it's missing from the article. Add it?). --Indigo (talk) 19:49, 20 December 2018 (UTC)
- Sorry I still have trouble setting up the connection, not to mention contributing to the article! I'd love to help though if I eventually get it working. The current article is unclear on a few points:
- There's only one configuration example on the server. How do I configure on the client? How do I supply the server address when bring up the connection?
- How is authentication done on the server? Presumably I keep the server certificate on the server, and client certificate on the client (wrong?). And only the host key is configured in
/etc/ipsec.secrets. How does the server know anything about the client? Qian (talk) 07:15, 21 December 2018 (UTC)
Starting the service: replace legacy with new starter?
According to some articles on the Internet, since v5.8.0 the systemd services have been renamed. Shouldn't the service starter become the new [strongswan.service] instead of the (by now) legacy [strongswan-starter.service]?
- Version 5.8.0
- The systemd service units have been renamed. The modern unit, which was called strongswan-swanctl,
- is now called strongswan (the previous name is configured as alias in the unit, for which a symlink is
- created when the unit is enabled). The legacy unit is now called strongswan-starter.
In fact, the article might be more outdated. The configuration style /etc/ipsec.conf belongs to the legacy starter (starter) and the new style /etc/swanctl/conf.d/myconf.conf to the modern starter (swanctl).
For example this is the migration from ipsec.conf to swanctl.conf