From: Philip Prindeville <[email protected]> From: Philip Prindeville <[email protected]>
As certs, CAs, keys, etc. are all contained individually in their own files, so should it be with configurations and secrets. This makes managing a VPN concentrator with scripts easier since you don't have to worry about replacing/deleting/etc parts of a file: you either write the entire file, or you delete the entire file. Signed-off-by: Philip Prindeville <[email protected]> --- man/ipsec.secrets.5.in | 2 +- src/starter/Makefile.am | 2 ++ src/starter/ipsec.conf | 2 ++ src/starter/ipsec.secrets | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in index 15e36faff30ff50cbdc3cbe1793feeef46d7e880..9b06458a196946a8a9c719f1d1f2c1a8d4c696ad 100644 --- a/man/ipsec.secrets.5.in +++ b/man/ipsec.secrets.5.in @@ -27,7 +27,7 @@ carol : XAUTH "4iChxLT3" dave : XAUTH "ryftzG4A" # get secrets from other files -include ipsec.*.secrets +include ipsec.d/secrets/* .fi .RE .LP diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 298a1fb5782776b5f869cbada1f768cbbf0528f9..107cea630223039e6104a0fcbd80b1fcaee98c46 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -68,4 +68,6 @@ install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/conf" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d -m 700 "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets" || true 
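Review bot: The last added line in the src/starter/Makefile.am hunk guards creation of `ipsec.d/secrets` with `test -e` on `ipsec.d/conf`, which looks like a copy-paste slip. Once the earlier added line has created `ipsec.d/conf`, that test succeeds and the `$(INSTALL) -d -m 700` for the secrets directory never runs; the trailing `|| true` would hide any failure as well. The directory that `include ipsec.d/secrets/*` points at is then left for an admin or script to create later, presumably with umask-default permissions instead of 700. The guard should name the directory it creates: `test -e "$(DESTDIR)${sysconfdir}/ipsec.d/secrets" || $(INSTALL) -d -m 700 "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets" || true`. The `install-exec-local` recipe begins outside this hunk.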
diff --git a/src/starter/ipsec.conf b/src/starter/ipsec.conf
index a33d68c0a34aaa30dd3c8a0f31dfe74ef609ded8..2c82a9f774c5c3542f953890d63cdb3caf83c0e5 100644
--- a/src/starter/ipsec.conf
+++ b/src/starter/ipsec.conf
@@ -26,3 +26,5 @@ config setup
 # rightsubnet=10.2.0.0/16
 # rightid="C=CH, O=Linux strongSwan CN=peer name"
 # auto=start
+
+include ipsec.d/conf/*.conf
diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets
index dae7709a126b6a82c4a6a77a9a9dd087b1e6f8c7..6b3b8964a26df3c10b05f93a1b6a29d43d3c0bf5 100644
--- a/src/starter/ipsec.secrets
+++ b/src/starter/ipsec.secrets
@@ -1 +1,3 @@
 # ipsec.secrets - strongSwan IPsec secrets file
+
+include ipsec.d/secrets/*
-- 
2.17.1
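Review bot: The unfiltered glob in `include ipsec.d/secrets/*` (src/starter/ipsec.secrets hunk) matches every non-hidden file in that directory. Editor backups or package-manager leftovers such as `name~` or `name.rpmsave` would presumably be parsed as live secrets, so a credential an operator believes was replaced or removed could stay loaded. The ipsec.conf hunk already restricts its include to `*.conf`; a matching suffix here, e.g. `include ipsec.d/secrets/*.secrets`, keeps the one-file-per-secret workflow and makes the loaded set predictable. The example in the man/ipsec.secrets.5.in hunk would need the same suffix to stay consistent.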
