Hi, I am not able to figure out how to set installpolicy=false through the vici plugin. There is no installpolicy variable in the child_data_t struct in vici_config.c although there is a install policy variable in the libcharon config.
How can I set installpolicy=false? I want to add policies manually. Ahmad On Thu, Jul 23, 2015 at 3:08 PM, Mohammad Ahmad <[email protected]> wrote: > Thanks for the help! That solved the problem. > > Now I am moving on to using the vici plugin! > > On Thu, Jul 23, 2015 at 10:20 AM, Tobias Brunner <[email protected]> > wrote: >>> Since I am using this in a dynamic environment it is necessary for >>> me to add policies manually. >> >> While a traffic selector based on the triggering packet is also sent to >> the peer, this might not work that well. The daemon does not learn the >> policies you install manually, so you probably still have to load them >> using left|rightsubnet in auto=route configs. But you can add/remote >> configs dynamically and use `ipsec update` to notify the daemon (this >> also works with installpolicy=yes, of course - and similarly via VICI). >> >>> So variables such as 'keylifetime' need to be added for each conn. I >>> assumed there may be a way to define some parameters such as 'rekey' >>> margin for all connections. >> >> No, that has to be added for all connections (it's actually the same for >> ipsec.conf, there the parser just "adds" the options in %default to all >> other conn sections - the daemon always sees the complete config). >> >> Regards, >> Tobias >> _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
