-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Mohammed,
VICI does not seem to provide that function - among others -, unlike ipsec.conf. You will need to patch strongswan to make that option setable through VICI. Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 04.08.2015 um 02:27 schrieb Mohammad Ahmad: > Hi, > > I am not able to figure out how to set installpolicy=false through the > vici plugin. There is no installpolicy variable in the child_data_t > struct in vici_config.c although there is a install policy variable in > the libcharon config. > > How can I set installpolicy=false? I want to add policies manually. > > Ahmad > > On Thu, Jul 23, 2015 at 3:08 PM, Mohammad Ahmad <[email protected]> > wrote: >> Thanks for the help! That solved the problem. >> >> Now I am moving on to using the vici plugin! >> >> On Thu, Jul 23, 2015 at 10:20 AM, Tobias Brunner <[email protected]> >> wrote: >>>> Since I am using this in a dynamic environment it is necessary for >>>> me to add policies manually. >>> >>> While a traffic selector based on the triggering packet is also sent to >>> the peer, this might not work that well. The daemon does not learn the >>> policies you install manually, so you probably still have to load them >>> using left|rightsubnet in auto=route configs. But you can add/remote >>> configs dynamically and use `ipsec update` to notify the daemon (this >>> also works with installpolicy=yes, of course - and similarly via VICI). >>> >>>> So variables such as 'keylifetime' need to be added for each conn. I >>>> assumed there may be a way to define some parameters such as 'rekey' >>>> margin for all connections. >>> >>> No, that has to be added for all connections (it's actually the same for >>> ipsec.conf, there the parser just "adds" the options in %default to all >>> other conn sections - the daemon always sees the complete config). >>> >>> Regards, >>> Tobias >>> > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVwAdAAAoJEDg5KY9j7GZYI94P/2XKC4xonbLc/im8DN//wxP0 I6fm7oZ9kSL7lZcHkQGeUQyb/ZYe4nYIFlNUjfI/2hkkyGaf2wyq1QBCa1FHX3FM Vtby94NCQGg0omQ4hilqzXeu+Gt3Tqli99O0+9+eaQpDyY+0dpUoBorUd18X+kB7 VL5QCYzYCA6JWHbAlvL2IlsJJ054wqePTDAczHUHeSO5u/QnkBXwE81Kq5Hqo3tu 0ubODMk8c4aJ0OKNd63Iv4dqV/OH69kDJ5x6ogAImBuCprfPnhRaG0j58jbwujkn cdIoR0r9Q9yX7M11pRPtti5Qm9XpRRa6IZY27FjAuEuyvJZlA4WGwPXRJmuUkeie dz70HsnQijibi6MZt4AdZUELGcmfKnJKVF1PvjRH9rf0702H1w5T+a9rxZgYlRjD 2gAjU2m3OZQzWGTTfX85e++7QGI6x194fOG7baCXtJ5GPp60BgvZ1OIKnbcMRABH /Ont3fyp4MtAp0K44gY9vuu/hOBU8pddJknvUOy7lZJdgFJ1BwmVska23eQoRpuZ wBDlx9nKcScvZoXJJlJUhibvINWTYPZvuZfNG+7poS6z2k8wibtJMBx69bhv6oXU IzCXOQTXdvWr7RZzjlK9YPiD28Is3duEP6UvmkNSA7qv9opjwuzKTtYe9WchqcXL DGT6/vyQaAnIR0kQ+FdR =j+LI -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
