Hi Chester, > If I want to add a parameter (like leftiprange,rightiprange) in > ipsec.conf, and I hope the parameters can be accepted by strongswan, > how can I implement it?
I'm not sure what you mean by "I hope the parameters can be accepted by strongSwan", but if you want to implement all of this yourselves, you can have a look at the following commits which show the individual steps needed to add a new option to ipsec.conf: 1. Add the new option to keywords.txt|h and parse it in starter: http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=2b26a9c3 Depending on the type of keyword you can't assign it to a member of struct starter_conn directly and you may have to parse it in confread.c manually (but note that many options are actually stored as strings in starter_conn and only parsed later by the IKE daemon). 2. Add the option to struct stroke_msg_t which makes it available to the IKEv2 daemon charon: http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=1f83541d In case of strings you also have to use push_string to actually add the string to the message. 3. Read, parse and use the configured values appropriately in the daemon: http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=277fcf9f The above commit is really just an example, it highly depends on the kind of option you added. IP address ranges could, for instance, directly be converted to traffic selectors and then added to the child_cfg_t object. An alternative (and probably easier) solution would be to change how left|rightsubnet is parsed and allow an alternative syntax there (e.g. leftsubnet=192.168.2.6-192.168.2.20). This has currently not a very high priority for us, but if you need a solution soon and don't want to do this yourselves, you might want to consider our commercial development services. Please contact us directly, if that's an option for you. Regards, Tobias _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users