I just took a look at it and it seems you can change the file's name by setting the --daemon[1] parameter of ipsec starter.
[1] https://github.com/strongswan/strongswan/blob/master/src/starter/starter.c#L291

On 27.04.2017 00:25, Noel Kuntze wrote:
> Hello Piyush,
>
> The path to the PID file is hard coded during build time.
> Take a look at the source code of starter[1] and track the
> variable assignments down.
>
> [1] https://github.com/strongswan/strongswan/tree/master/src/starter
>
> Kind regards,
> Noel
>
> On 27.04.2017 00:14, Piyush Agarwal wrote:
>> Hi Noel,
>> Thanks for your reply but I am not sure I completely understood your answer.
>>
>> While waiting for a reply to my question, I tried this though:
>>
>> 1) Downloaded strongswan-starter deb file. Unpacked it.
>> 2) Changed IPSEC_PIDDIR in usr/sbin/ipsec file to point to /etc/ipsec.d/run
>> (rather than /var/run)
>> 3) Re-built the deb file
>> 4) Installed this new deb file on my ubuntu 14.04 host
>> 5) Now ipsec binary does report piddir to be the changed location:
>>
>> a@strongswan3:~$ sudo ip netns exec blue ipsec --piddir
>> /etc/ipsec.d/run
>>
>> But charon seems to still think the piddir is /var/run and hence wouldn't
>> start the second instance.
>>
>> a@strongswan3:~$ sudo ip netns exec red ipsec start
>> Starting strongSwan 5.1.2 IPsec [starter]...
>> charon is already running (/var/run/charon.pid exists) -- skipping daemon start
>> starter is already running (/var/run/starter.charon.pid exists) -- no fork done
>>
>> So obviously charon is getting its piddir from somewhere else. I am looking
>> for source code to modify such that charon's piddir is not hardcoded to
>> /var/run (as it currently seems to be). I'd like to make it modifiable via
>> either a command line, conf file or some other similar way. Perhaps I may be
>> okay to even hardcode it in my private .deb file to be /etc/ipsec.d/run
>> rather than /var/run.
>>
>> Is there any pointer to achieving this? Requiring install from source code
>> and modifying ./configure options to change piddir is just a no-go for me
>> unfortunately.
>>
>> Thank you.
>> Piyush
>>
>> On Wed, Apr 26, 2017 at 11:23 AM, Noel Kuntze <[email protected]> wrote:
>>
>> You can't do that when you start charon using "ipsec" (which implicitly
>> calls "ipsec starter").
>> You can do it with charon-systemd, though (but then you need to start it
>> using systemd and you get a similar problem).
>>
>> On 26.04.2017 20:11, Piyush Agarwal wrote:
>> > Hi,
>> > I need to run multiple ipsec charon daemons in multiple mininet
>> > namespaces (perhaps some semantics change from ip namespaces).
>> >
>> > Sure enough, on following steps from
>> > https://wiki.strongswan.org/projects/strongswan/wiki/Netns (including
>> > piddir change), I could get multiple charon daemons running with
>> > *ip network namespaces*.
>> >
>> > I am not trying to achieve two things:
>> > 1) Run multiple charon daemons with mininet namespaces
>> > 2) Be able to do so without requiring piddir configuration option change.
>> >
>> > Regarding (1): I am not sure if mininet namespaces provide for bind
>> > mounting anything /etc/netns/<namespace name>/ to /etc/ for the process
>> > running in that network namespace -- if it doesn't, I will bind mount
>> > manually before starting charon/ipsec. So this should be okay.
>> >
>> > But, I am trying to find how I can do away with the piddir configuration
>> > change and make it work directly from the deb file install. Is there no way
>> > to achieve this? No environment variable that can be set?
>> >
>> > Appreciate any comments/directions/pointers.
>> >
>> > Thank you.
>> > Piyush
>> >
>> > --
>> > Piyush Agarwal
>> > Life can only be understood backwards; but it must be lived forwards.
>>
>> --
>> Noel Kuntze
>> IT security consultant
>>
>> GPG Key ID: 0x0739AD6C
>> Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
>>
>> --
>> Piyush Agarwal
>> Life can only be understood backwards; but it must be lived forwards.
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
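A diagnostic for the mismatch reported in the quoted message (the edited ipsec script prints the new piddir while charon still looks in /var/run), added here as an example; it is not part of the original thread or of strongSwan's code. It assumes the script assigns IPSEC_PIDDIR on a single line and that the daemon binary stores its PID file path as a plain string; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the piddir set in a wrapper script with the PID file
# paths embedded in a compiled binary. File layouts below are assumptions.

# script_piddir FILE: print the value of a line like IPSEC_PIDDIR="/some/dir".
script_piddir() {
    sed -n 's/^[[:space:]]*IPSEC_PIDDIR="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# compiled_pid_paths FILE: print absolute *.pid paths stored as strings in FILE.
compiled_pid_paths() {
    LC_ALL=C grep -a -o '/[A-Za-z0-9._%/-]*\.pid' "$1" | sort -u
}

# check_piddir SCRIPT BINARY...: 0 if every embedded *.pid path is under the
# script's piddir, 1 if a binary points elsewhere, 2 if the script has no piddir.
check_piddir() {
    script=$1; shift
    dir=$(script_piddir "$script")
    [ -n "$dir" ] || { echo "no IPSEC_PIDDIR in $script" >&2; return 2; }
    result=0
    for bin in "$@"; do
        for p in $(compiled_pid_paths "$bin"); do
            case $p in
                "$dir"/*) echo "ok       $bin: $p" ;;
                *) echo "MISMATCH $bin: $p (script says $dir)"; result=1 ;;
            esac
        done
    done
    return "$result"
}

# demo: constructed stand-ins for an edited script and an unchanged daemon.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '#!/bin/sh\nIPSEC_PIDDIR="/etc/ipsec.d/run"\n' > "$tmp/ipsec"
    printf 'ELF\0\0/var/run/charon.pid\0\0' > "$tmp/charon"
    check_piddir "$tmp/ipsec" "$tmp/charon"; demo_rc=$?
    rm -rf "$tmp"
    return "$demo_rc"
}

# With arguments: check real files. Without: run the constructed demo.
if [ "$#" -ge 2 ]; then check_piddir "$@"; else demo || true; fi
```

A MISMATCH line means that editing the script alone did not move the PID file the binary will check, which matches the "charon is already running" output in the quoted message.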
