> I insert policies using ip xfrm and want to use charon to establish SAs.
For this to work you have to use constant reqids for your connections (via reqid setting - you'll have to use that reqid in your manually installed policies) and use auto=route so the config is loaded into the trap manager. Just using auto=route with installpolicy=yes (and automatic reqids) is way easier, though, if you don't have any special requirements that makes manual installation of policies necessary. > 1. Where can I then define the "default" section of ipsec.conf. Can > this be done using vici? No, complete connection definitions have to be loaded via VICI. > 2. How can I enable vici if I used apt-get on ubuntu to install > strongswan-ikev1? Ubuntu deploys some plugins in separate packages, however it doesn't look like vici (or swanctl for that matter) is packaged. So you have to build strongSwan from sources (or build your own package). Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
