Hello Piyush,

The path to the PID file is hard coded during build time. Take a look at the source code of starter[1] and track the variable assignments down.

[1] https://github.com/strongswan/strongswan/tree/master/src/starter

Kind regards,
Noel

On 27.04.2017 00:14, Piyush Agarwal wrote:
> Hi Noel,
> Thanks for your reply but I am not sure I completely understood your answer.
>
> While waiting for a reply to my question, I tried this though:
>
> 1) Downloaded strongswan-starter deb file. Unpacked it.
> 2) Changed IPSEC_PIDDIR in usr/sbin/ipsec file to point to /etc/ipsec.d/run (rather than /var/run)
> 3) Re-built the deb file
> 4) Installed this new deb file on my Ubuntu 14.04 host
> 5) Now ipsec binary does report piddir to be the changed location:
>
> a@strongswan3:~$ sudo ip netns exec blue ipsec --piddir
> /etc/ipsec.d/run
>
> But charon seems to still think the piddir is /var/run and hence wouldn't start the second instance.
>
> a@strongswan3:~$ sudo ip netns exec red ipsec start
> Starting strongSwan 5.1.2 IPsec [starter]...
> charon is already running (/var/run/charon.pid exists) -- skipping daemon start
> starter is already running (/var/run/starter.charon.pid exists) -- no fork done
>
> So obviously charon is getting its piddir from somewhere else. I am looking for source code to modify such that charon's piddir is not hardcoded to /var/run (as it currently seems to be). I'd like to make it modifiable via either a command line, conf file or some other similar way. Perhaps I may be okay to even hardcode it in my private .deb file to be /etc/ipsec.d/run rather than /var/run.
>
> Is there any pointer to achieving this? Requiring install from source code and modifying ./configure options to change piddir is just a no-go for me unfortunately.
>
> Thank you.
> Piyush
>
> On Wed, Apr 26, 2017 at 11:23 AM, Noel Kuntze <[email protected]> wrote:
>
> > You can't do that when you start charon using "ipsec" (which implicitly calls "ipsec starter").
> > You can do it with charon-systemd, though (but then you need to start it using systemd and you get a similar problem).
> >
> > On 26.04.2017 20:11, Piyush Agarwal wrote:
> > > Hi,
> > > I need to run multiple ipsec charon daemons in multiple mininet namespaces (perhaps some semantics change from ip namespaces).
> > >
> > > Sure enough, on following steps from https://wiki.strongswan.org/projects/strongswan/wiki/Netns (including piddir change), I could get multiple charon daemons running with *ip network namespaces*.
> > >
> > > I am not trying to achieve two things:
> > > 1) Run multiple charon daemons with mininet namespaces
> > > 2) Be able to do so without requiring piddir configuration option change.
> > >
> > > Regarding (1): I am not sure if mininet namespaces provide for bind mounting anything /etc/netns/<namespace name>/ to /etc/ for the process running in that network namespace -- if it doesn't, I will bind mount manually before starting charon/ipsec. So this should be okay.
> > >
> > > But, I am trying to find how I can do away with the piddir configuration change and make it work directly from the deb file install. Is there no way to achieve this? No environment variable that can be set?
> > >
> > > Appreciate any comments/directions/pointers.
> > >
> > > Thank you.
> > > Piyush
> > >
> > > --
> > > Piyush Agarwal
> > > Life can only be understood backwards; but it must be lived forwards.
> > >
> > > _______________________________________________
> > > Users mailing list
> > > [email protected]
> > > https://lists.strongswan.org/mailman/listinfo/users
> >
> > --
> > Noel Kuntze
> > IT security consultant
> >
> > GPG Key ID: 0x0739AD6C
> > Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
>
> --
> Piyush Agarwal
> Life can only be understood backwards; but it must be lived forwards.
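An added example, not part of the thread and not strongSwan code: a shell check that lists every file in an unpacked package tree containing a PID directory string and marks it as editable text or as a compiled binary, which is the difference between the edited `IPSEC_PIDDIR` line and the path fixed at build time. The function names and the sample tree (including the `usr/lib/ipsec/starter` location and its contents) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which files under an unpacked package tree carry a
# given PID directory string, and whether each is text or a compiled binary.

# piddir_refs ROOT NEEDLE -> lines of "<kind><TAB><relative path>", sorted
piddir_refs() {
    root=$1
    needle=$2
    # -r recurse, -l file names only, -F fixed string; -l also reports binaries
    ( cd "$root" && grep -rlF -- "$needle" . ) | sort | while IFS= read -r f; do
        # With -I grep treats binary files as non-matching, so this test
        # succeeds only for files grep considers text.
        if grep -Iq . "$root/$f"; then kind=text; else kind=binary; fi
        printf '%s\t%s\n' "$kind" "${f#./}"
    done
}

# Constructed sample tree (not a real strongSwan package): a shell wrapper
# with an IPSEC_PIDDIR assignment, a fake "starter" binary containing NUL
# bytes and an embedded PID file path, and one unrelated file.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/sbin" "$t/usr/lib/ipsec"
    printf '#!/bin/sh\nIPSEC_PIDDIR="/var/run"\n' > "$t/usr/sbin/ipsec"
    printf '\177ELF\000\000/var/run/starter.charon.pid\000' > "$t/usr/lib/ipsec/starter"
    printf 'no pid path here\n' > "$t/usr/sbin/other"
    echo "$t"
}

tree=$(make_sample_tree)
piddir_refs "$tree" /var/run
rm -rf "$tree"
```

Run against a real unpacked .deb, a `text` hit can be changed with an editor, while a `binary` hit means the string was compiled in and only a rebuild changes it.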
