Thanks for the help! That solved the problem. Now I am moving on to using the vici plugin!
On Thu, Jul 23, 2015 at 10:20 AM, Tobias Brunner <[email protected]> wrote:
>> Since I am using this in a dynamic environment it is necessary for
>> me to add policies manually.
>
> While a traffic selector based on the triggering packet is also sent to
> the peer, this might not work that well. The daemon does not learn the
> policies you install manually, so you probably still have to load them
> using left|rightsubnet in auto=route configs. But you can add/remove
> configs dynamically and use `ipsec update` to notify the daemon (this
> also works with installpolicy=yes, of course - and similarly via VICI).
>
>> So variables such as 'keylifetime' need to be added for each conn. I
>> assumed there may be a way to define some parameters such as 'rekey'
>> margin for all connections.
>
> No, that has to be added for all connections (it's actually the same for
> ipsec.conf, there the parser just "adds" the options in %default to all
> other conn sections - the daemon always sees the complete config).
>
> Regards,
> Tobias
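
The `%default` behaviour described in the quoted reply, sketched as an added example that is not part of the thread and not strongSwan's own parser: it expands `conn %default` into every other conn section, so the result is the complete per-connection config the daemon sees. The connection names, subnets and lifetimes are constructed, and the simplified parsing (no `also=`, only `conn` sections) is an assumption.

```python
# Added illustration, not strongSwan code. SAMPLE is a constructed ipsec.conf fragment.
SAMPLE = """\
config setup

conn %default
    keylife=20m
    rekeymargin=3m

conn site-a
    leftsubnet=10.1.0.0/24
    rightsubnet=10.2.0.0/24
    auto=route

conn site-b
    leftsubnet=10.1.0.0/24
    rightsubnet=10.3.0.0/24
    keylife=1h          # overrides the value from %default
    auto=route
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for 'conn' sections only."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header, e.g. "conn site-a"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:  # indented key=value line
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def expand_defaults(text):
    """Merge %default into every other conn; a conn's own keys win."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

if __name__ == "__main__":
    for name, opts in expand_defaults(SAMPLE).items():
        print(name, opts)
```

Each resulting dictionary carries its own `keylife` and `rekeymargin`, which is the form needed when connections are loaded one by one rather than through a shared `%default` section.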
