Talk:StrongSwan
Latest comment: 22 April 2020 by ArthurBorsboom in topic Starting the service: replace legacy with new starter?
Client side configuration?
I followed the article and set up the server. But how do I connect from the client? Qian (talk) 13:29, 17 December 2018 (UTC)
- For example, with
ipsec up name of the connection
. (Yes, it's missing from the article. Add it?). --Indigo (talk) 19:49, 20 December 2018 (UTC)
- Sorry I still have trouble setting up the connection, not to mention contributing to the article! I'd love to help though if I eventually get it working. The current article is unclear on a few points:
- There's only one configuration example on the server. How do I configure on the client? How do I supply the server address when bring up the connection?
- How is authentication done on the server? Presumably I keep the server certificate on the server, and client certificate on the client (wrong?). And only the host key is configured in
/etc/ipsec.secrets
. How does the server know anything about the client? Qian (talk) 07:15, 21 December 2018 (UTC)
Starting the service: replace legacy with new starter?
According to some articles on the Internet, since v5.8.0 the systemd services have been renamed. Shouldn't the service starter become the new [strongswan.service] instead of the (by now) legacy [strongswan-starter.service]?
- Version 5.8.0
- The systemd service units have been renamed. The modern unit, which was called strongswan-swanctl,
- is now called strongswan (the previous name is configured as alias in the unit, for which a symlink is
- created when the unit is enabled). The legacy unit is now called strongswan-starter.
In fact, the article might be more outdated. The configuration style /etc/ipsec.conf belongs to the legacy starter (starter) and the new style /etc/swanctl/conf.d/myconf.conf to the modern starter (swanctl).
For example this is the migration from ipsec.conf to swanctl.conf
https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf