Hi Noel,

Thanks for your reply but I am not sure I completely understood your answer.

While waiting for a reply to my question, I tried this though:

1) Downloaded strongswan-starter deb file. Unpacked it.
2) Changed IPSEC_PIDDIR in usr/sbin/ipsec file to point to /etc/ipsec.d/run (rather than /var/run)
3) Re-built the deb file
4) Installed this new deb file on my Ubuntu 14.04 host
5) Now ipsec binary does report piddir to be the changed location:

a@strongswan3:~$ sudo ip netns exec blue ipsec --piddir
/etc/ipsec.d/run

But charon seems to still think the piddir is /var/run and hence wouldn't start the second instance.

a@strongswan3:~$ sudo ip netns exec red ipsec start
Starting strongSwan 5.1.2 IPsec [starter]...
charon is already running (/var/run/charon.pid exists) -- skipping daemon start
starter is already running (/var/run/starter.charon.pid exists) -- no fork done

So obviously charon is getting its piddir from somewhere else. I am looking for source code to modify such that charon's piddir is not hardcoded to /var/run (as it currently seems to be). I'd like to make it modifiable via either a command line, conf file or some other similar way. Perhaps I may be okay to even hardcode it in my private .deb file to be /etc/ipsec.d/run rather than /var/run.

Is there any pointer to achieving this? Requiring install from source code and modifying ./configure options to change piddir is just a no-go for me unfortunately.

Thank you.
Piyush

On Wed, Apr 26, 2017 at 11:23 AM, Noel Kuntze <[email protected]> wrote:

> You can't do that when you start charon using "ipsec" (which implicitly
> calls "ipsec starter").
> You can do it with charon-systemd, though (but then you need to start it
> using systemd and you get a similar problem).
>
> On 26.04.2017 20:11, Piyush Agarwal wrote:
> > Hi,
> > I need to run multiple ipsec charon daemons in multiple mininet
> > namespaces (perhaps some semantics change from ip namespaces).
> >
> > Sure enough, on following steps from
> > https://wiki.strongswan.org/projects/strongswan/wiki/Netns
> > (including piddir change), I could get multiple charon daemons running
> > with *ip network namespaces*.
> >
> > I am not trying to achieve two things:
> > 1) Run multiple charon daemons with mininet namespaces
> > 2) Be able to do so without requiring piddir configuration option change.
> >
> > Regarding (1): I am not sure if mininet namespaces provide for bind
> > mounting anything /etc/netns/<namespace name>/ to /etc/ for the process
> > running in that network namespace -- if it doesn't, I will bind mount
> > manually before starting charon/ipsec. So this should be okay.
> >
> > But, I am trying to find how I can do away with the piddir configuration
> > change and make it work directly from the deb file install. Is there no
> > way to achieve this? No environment variable that can be set?
> >
> > Appreciate any comments/directions/pointers.
> >
> > Thank you.
> > Piyush
> >
> > --
> > Piyush Agarwal
> > Life can only be understood backwards; but it must be lived forwards.
> >
> > _______________________________________________
> > Users mailing list
> > [email protected]
> > https://lists.strongswan.org/mailman/listinfo/users
>
> --
> Noel Kuntze
> IT security consultant
>
> GPG Key ID: 0x0739AD6C
> Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C

--
Piyush Agarwal
Life can only be understood backwards; but it must be lived forwards.
