Hi Ahmad,

no, just start charon itself:

  /usr/libexec/ipsec/charon &

If you have an Ubuntu or Debian platform you can use the attached
/etc/init.d/charon runlevel script and start and stop the daemon
with

  sudo service charon start

  sudo service charon stop

If you have Fedora or some other OS supporting systemd then you
can use the charon-systemd daemon variant.

Best regards

Andreas

On 07/18/2015 12:12 PM, Mohammad Ahmad wrote:
> Hey Andreas,
> 
> Thank you for the response. Quick followup, I need to run 'ipsec start'
> with the sample configuration file you have shared to start charon in
> the background?
> 
> I apologize for asking very basic questions. I'm just getting started
> with strongswan.
> 
> 
> On Sat, Jul 18, 2015, 2:46 AM Andreas Steffen <[email protected]> wrote:
> 
>     Hi Ahmad,
> 
>     if you intend to use the vici plugin then you need neither
>     starter nor stroke. Just start the charon daemon in the
>     background. The minimum of plugins you need are e.g.
> 
>     https://www.strongswan.org/uml/testresults/swanctl/rw-cert/moon.strongswan.conf
> 
>     Best regards
> 
>     Andreas
> 
>     On 07/18/2015 04:26 AM, Mohammad Ahmad wrote:
>     > Hi,
>     >
>     > I want to run charon and plan to speak to it using a vici plugin I am
>     > developing.
>     > With racoon, I run racoon -f /path/to/config but with charon, I see a
>     > number of tools that can be used to achieve this, stroke, starter,
>     > ipsec but am unsure which one will require the minimum number of
>     > packages to be installed (I want to keep that to a minimum).
>     >
>     > More information
>     > I will be adding the ipsec policies manually and am using ipsec in
>     > tunnel mode. I have two sites behind each of which is a subnet.
>     >
>     > Looking forward to hearing from you guys.
>     >
>     > Ahmad
> 
>     ======================================================================
>     Andreas Steffen                         [email protected]
>     strongSwan - the Open Source VPN Solution!          www.strongswan.org
>     Institute for Internet Technologies and Applications
>     University of Applied Sciences Rapperswil
>     CH-8640 Rapperswil (Switzerland)
>     ===========================================================[ITA-HSR]==
> 

-- 
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
#! /bin/sh
### BEGIN INIT INFO
# Provides:          charon 
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: strongSwan charon IKE daemon 
# Description:       with swanctl the strongSwan charon daemon must be
#                    running in the background
### END INIT INFO

# Author: Andreas Steffen <[email protected]>
#
# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="strongSwan charon IKE daemon"
NAME=charon
DAEMON=/usr/libexec/ipsec/$NAME
DAEMON_ARGS=""
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/charon

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
                || return 1
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- \
                $DAEMON_ARGS \
                || return 2
        # Add code here, if necessary, that waits for the process to be ready
        # to handle requests from services started subsequently which depend
        # on this one.  As a last resort, sleep for some time.
}

#
# Function that stops the daemon/service
#
do_stop()
{
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
        RETVAL="$?"
        [ "$RETVAL" = 2 ] && return 2
        # Wait for children to finish too if this is a daemon that forks
        # and if the daemon is only ever run from this initscript.
        # If the above conditions are not satisfied then add some other code
        # that waits for the process to drop all resources that could be
        # needed by services started subsequently.  A last resort is to
        # sleep for some time.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
        [ "$?" = 2 ] && return 2
        # Many daemons don't delete their pidfiles when they exit.
        rm -f $PIDFILE
        return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
        #
        # If the daemon can reload its configuration without
        # restarting (for example, when it is sent a SIGHUP),
        # then implement that here.
        #
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
        return 0
}

case "$1" in
  start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  status)
        status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
        ;;
  #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        #log_daemon_msg "Reloading $DESC" "$NAME"
        #do_reload
        #log_end_msg $?
        #;;
  restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
          0|1)
                do_start
                case "$?" in
                        0) log_end_msg 0 ;;
                        1) log_end_msg 1 ;; # Old process is still running
                        *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
          *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
  *)
        #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
        exit 3
        ;;
esac

:
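
The do_start() comment above leaves the readiness wait open, and a vici client can only connect once charon has created its socket. The following is an added example, not part of the original post or the attached script: it waits for the socket and checks that it is not accessible to "other" users, since vici access means control of the IKE daemon. It assumes the default socket path /var/run/charon.vici (configurable via charon.plugins.vici.socket) and GNU stat; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: readiness and permission check for charon's vici socket.
# Assumption: default socket path; override with VICI_SOCKET if
# charon.plugins.vici.socket is set in strongswan.conf.
VICI_SOCKET="${VICI_SOCKET:-/var/run/charon.vici}"

# wait_for_vici PATH [TIMEOUT_SECONDS]
# Return
#   0 as soon as PATH is a UNIX socket
#   1 if PATH did not appear within the timeout
#   2 if PATH exists but is not a socket
wait_for_vici()
{
        path="$1"
        remaining="${2:-10}"
        while [ "$remaining" -ge 0 ]; do
                if [ -S "$path" ]; then
                        return 0
                elif [ -e "$path" ]; then
                        return 2
                fi
                [ "$remaining" -eq 0 ] && break
                sleep 1
                remaining=$((remaining - 1))
        done
        return 1
}

# vici_mode_ok PATH
# Return 0 if "other" has no permission bits on PATH, 1 otherwise
# (also 1 if PATH cannot be examined).
vici_mode_ok()
{
        mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
        case "$mode" in
                *0) return 0 ;;
                *)  return 1 ;;
        esac
}

# Typical use after "service charon start":
#   wait_for_vici "$VICI_SOCKET" 10 && vici_mode_ok "$VICI_SOCKET" \
#           || echo "vici socket missing or too permissive" >&2
```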
