Talk:StrongSwan

From ArchWiki

Client side configuration?

I followed the article and set up the server. But how do I connect from the client? Qian (talk) 13:29, 17 December 2018 (UTC)Reply[reply]

For example, with ipsec up name of the connection. (Yes, it's missing from the article. Add it?). --Indigo (talk) 19:49, 20 December 2018 (UTC)Reply[reply]
Sorry I still have trouble setting up the connection, not to mention contributing to the article! I'd love to help though if I eventually get it working. The current article is unclear on a few points:
  1. There's only one configuration example on the server. How do I configure on the client? How do I supply the server address when bring up the connection?
  2. How is authentication done on the server? Presumably I keep the server certificate on the server, and client certificate on the client (wrong?). And only the host key is configured in /etc/ipsec.secrets. How does the server know anything about the client? Qian (talk) 07:15, 21 December 2018 (UTC)Reply[reply]


Starting the service: replace legacy with new starter?

According to some articles on the Internet, since v5.8.0 the systemd services have been renamed. Shouldn't the service starter become the new [strongswan.service] instead of the (by now) legacy [strongswan-starter.service]?

Version 5.8.0
The systemd service units have been renamed. The modern unit, which was called strongswan-swanctl,
is now called strongswan (the previous name is configured as alias in the unit, for which a symlink is
created when the unit is enabled). The legacy unit is now called strongswan-starter.

In fact, the article might be more outdated. The configuration style /etc/ipsec.conf belongs to the legacy starter (starter) and the new style /etc/swanctl/conf.d/myconf.conf to the modern starter (swanctl).

For example this is the migration from ipsec.conf to swanctl.conf

https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf

ArthurBorsboom (talk) 15:09, 22 April 2020 (UTC)Reply[reply]