Already supported OOTB, just needs to add "include" and the path in the config files.
Starter and by extension stroke and ipsec.conf and ipsec.secrets are deprecated and hence this probably won't be merged. Use swanctl instead.
On 10.10.20 at 02:41, Philip Prindeville wrote:
> From: Philip Prindeville <[email protected]> > > As certs, CAs, keys, etc. are all contained individually in their > own files, so should it be with configurations and secrets. This > makes managing a VPN concentrator with scripts easier since you > don't have to worry about replacing/deleting/etc parts of a file: > you either write the entire file, or you delete the entire file. > > Signed-off-by: Philip Prindeville <[email protected]> > --- > man/ipsec.secrets.5.in | 2 +- > src/starter/Makefile.am | 2 ++ > src/starter/ipsec.conf | 2 ++ > src/starter/ipsec.secrets | 2 ++ > 4 files changed, 7 insertions(+), 1 deletion(-) > > diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in > index > 15e36faff30ff50cbdc3cbe1793feeef46d7e880..9b06458a196946a8a9c719f1d1f2c1a8d4c696ad > 100644 > --- a/man/ipsec.secrets.5.in > +++ b/man/ipsec.secrets.5.in > @@ -27,7 +27,7 @@ carol : XAUTH "4iChxLT3" > dave : XAUTH "ryftzG4A" > > # get secrets from other files > -include ipsec.*.secrets > +include ipsec.d/secrets/* > .fi > .RE > .LP > diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am > index > 298a1fb5782776b5f869cbada1f768cbbf0528f9..107cea630223039e6104a0fcbd80b1fcaee98c46 > 100644 > --- a/src/starter/Makefile.am > +++ b/src/starter/Makefile.am
> @@ -68,4 +68,6 @@ install-exec-local : > test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d > "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true > test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) > -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true > test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m > 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true > + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d > -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/conf" || true > test -e "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) > -m 600 $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true > + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d > -m 700 "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets" || true > diff --git a/src/starter/ipsec.conf b/src/starter/ipsec.conf > index > a33d68c0a34aaa30dd3c8a0f31dfe74ef609ded8..2c82a9f774c5c3542f953890d63cdb3caf83c0e5 > 100644 > --- a/src/starter/ipsec.conf > +++ b/src/starter/ipsec.conf > @@ -26,3 +26,5 @@ config setup > # rightsubnet=10.2.0.0/16 > # rightid="C=CH, O=Linux strongSwan CN=peer name" > # auto=start > + > +include ipsec.d/conf/*.conf > diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets > index > dae7709a126b6a82c4a6a77a9a9dd087b1e6f8c7..6b3b8964a26df3c10b05f93a1b6a29d43d3c0bf5 > 100644 > --- a/src/starter/ipsec.secrets > +++ b/src/starter/ipsec.secrets > @@ -1 +1,3 @@ > # ipsec.secrets - strongSwan IPsec secrets file > + > +include ipsec.d/secrets/* > -- Noel Kuntze IT security consultant GPG Key ID: 0x0739AD6C Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
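Review bot: In the src/starter/Makefile.am hunk, the second added line tests for "$(DESTDIR)${sysconfdir}/ipsec.d/conf" but installs "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets". Because the first added line has already created ipsec.d/conf, that test always succeeds and the secrets directory is never created, so the new include in ipsec.secrets points at a directory that does not exist. The test should check ipsec.d/secrets. It is also worth stating whether mode 750 on ipsec.d/conf is intended, given that ipsec.conf itself is installed 644 in the same rule.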
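Review bot: The include line appended in the src/starter/ipsec.conf hunk only reaches fresh installs, since the Makefile.am rule copies ipsec.conf only when the file is not already present (test -e ... ||). The diffstat shows man/ipsec.secrets.5.in as the only man page touched, so the new ipsec.d/conf directory is undocumented for ipsec.conf. Suggest documenting the directory and noting that existing installations have to add "include ipsec.d/conf/*.conf" themselves.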
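Review bot: In the src/starter/ipsec.secrets hunk (and the matching example in man/ipsec.secrets.5.in) the include uses a bare "*", while the ipsec.conf include is restricted to "*.conf". A bare glob also matches editor backups and leftover copies of a file in that directory, so a secret that a management script believes it has replaced or deleted can still be loaded. Suggest a fixed suffix, for example "include ipsec.d/secrets/*.secrets", and using the same pattern in the man page example.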
