So is this the information that I should follow from the wiki: Is it best to use the NetworkManager plugin?

Configuration Files
The configuration files used by strongSwan are as follows:

- ipsec.conf <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecConf>: provides the configuration of IPsec connections
- ipsec.secrets <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets>: lists the secrets (pre-shared keys, private keys)
- ipsec.d <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectory>: stores certificates and private keys
- strongswan.conf <http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf>: allows one to configure global settings

Other Configuration Sources

The configuration may also be loaded from an SQL database <http://wiki.strongswan.org/projects/strongswan/wiki/SQL> or provided by custom plugins like the one used with the NetworkManager plugin <http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager>.

Invocation and Maintenance

strongSwan is usually controlled with the ipsec command <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand>. ipsec start will start the starter daemon <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecStarter> which in turn starts and configures the keying daemon charon <http://wiki.strongswan.org/projects/strongswan/wiki/Charon>.

Connections defined as conn sections in ipsec.conf <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection> can be started on three different occasions:

- *On startup*: Connections configured with *auto=start* will automatically be established when the daemon is started.
- *On traffic*: If *auto=route* is used, IPsec policies for the configured traffic (*left|rightsubnet*) will be installed and traffic matching these policies will trigger events that cause the daemon to establish the connection.
- *Manually*: A connection that uses *auto=add* has to be established manually with ipsec up <name>. It is also possible to use ipsec route <name> to install policies manually for such connections.
After an SA has been established ipsec down may be used to tear down the IKE_SA or individual CHILD_SAs.

Whenever the ipsec.conf <http://wiki.strongswan.org/projects/strongswan/wiki/Ipsecconf> file is changed it may be reloaded with ipsec update or ipsec reload. Already established connections are not affected by these commands, if that is required ipsec restart must be used.

If ipsec.secrets <http://wiki.strongswan.org/projects/strongswan/wiki/Ipsecsecrets> or the files in ipsec.d <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectory> have been changed the ipsec reread... <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand#Reread-Commands> commands may be used to reload these files. End-entity certificates placed in ipsec.d/certs <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectoryCerts> are not reloaded automatically, instead they are loaded whenever referenced with *left|rightcert* in a conn section <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection>. Using the ipsec purge... <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand#Purge-Commands> commands may be required in order for the new files to be used.

Using the ipsec list... <http://wiki.strongswan.org/projects/strongswan/wiki/Ipseccommand#List-Commands> commands will provide information about loaded or cached certificates, supported algorithms and loaded plugins.

On Thu, May 1, 2014 at 11:34 AM, Brian Watson <[email protected]> wrote:

> Hi,
> I'm new to StrongSwan and am looking for some good instructions on
> setting up a VPN between 2 virtual machines running on the same laptop. The
> wiki pages seem to lay out a lot of different scenarios, but nothing to
> walk you through the steps necessary to start from scratch. I've downloaded
> the sw into my Ubuntu machine, but can't find the instructions as to what
> app to start and what to do next.
>
> Any ideas?
>
> Thanks,
> Brian
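
The three start modes in the wiki text quoted above, as an added example that is not part of the original message and is not strongSwan's own code: a small reader for ipsec.conf text that reports, per conn section, which auto= value applies and what has to happen before the tunnel comes up. The function names, conn names and addresses are hypothetical; the auto=ignore default for a conn without auto= comes from the ipsec.conf manual rather than from this thread, and conn %default is merged into every conn as a simplification.

```python
# Added example (not strongSwan code): report how each ipsec.conf conn gets started.
ACTIVATION = {  # wording follows the wiki text quoted in the message
    "start": "established when the daemon starts (ipsec start)",
    "route": "policies installed; matching traffic triggers the connection",
    "add": "loaded only; establish with: ipsec up {name}",
    "ignore": "not loaded by the daemon",  # default when auto= is absent (manual)
}

def parse_conns(text):
    """Return {conn name: params}; conn %default is merged into every conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # section header at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **params} for name, params in conns.items()}

def activation_plan(text):
    """Map each conn name to (auto value, how it gets established)."""
    plan = {}
    for name, params in parse_conns(text).items():
        auto = params.get("auto", "ignore")
        how = ACTIVATION.get(auto, "unrecognised auto= value")
        plan[name] = (auto, how.format(name=name))
    return plan

# Constructed sample; conn names and addresses are placeholders.
SAMPLE = """\
config setup
conn %default
    left=192.0.2.10
    right=192.0.2.20
conn vm-always
    auto=start
conn vm-ondemand
    auto=route   # policies for left|rightsubnet are installed
conn vm-manual
    auto=add
conn vm-draft
"""

if __name__ == "__main__":
    print("\n".join(f"{n}: auto={a} -> {h}" for n, (a, h) in activation_plan(SAMPLE).items()))
```
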
