Hello Piyush,

Did you try copying the files, instead of symlinking?
On 27.04.2017 01:04, Piyush Agarwal wrote:
> Hi Noel,
> Many thanks for the pointer. Your second suggestion might not work though: in addition to changing daemon name, ipsec_starter also looks for an actual daemon with that name which it won't find unless it is indeed "charon" always.
>
> My two namespaces here are "gateway" and "relay".
>
> a@strongswan3:~/strongswan$ sudo ip netns exec gateway /usr/lib/ipsec/starter --daemon charon_gateway
> Starting strongSwan 5.1.2 IPsec [starter]...
> Disabling charon_gatewaystart option, '/usr/lib/ipsec/charon_gateway' not found
>
> I then tried to symlink such that /usr/lib/ipsec/charon_gateway and /usr/lib/ipsec/charon_relay are available (and pointing to /usr/lib/ipsec/charon). But that leads to more mess with the daemon getting continuously restarted.
>
> a@strongswan3:~/strongswan$ ps aux | grep ipsec
> root 6114 0.1 0.0 15160 1456 ? Ss 22:58 0:00 /usr/lib/ipsec/starter --daemon charon_relay
> root 6253 0.0 0.0 552128 7228 ? Ssl 22:59 0:00 /usr/lib/ipsec/charon_relay --use-syslog
>
> a@strongswan3:~/strongswan$ ps aux | grep ipsec
> root 6114 0.1 0.0 15160 1456 ? Ss 22:58 0:00 /usr/lib/ipsec/starter --daemon charon_relay
> root 6535 0.0 0.0 552128 5044 ? Ssl 23:03 0:00 /usr/lib/ipsec/charon_relay --use-syslog
>
> Sigh.
>
>
> On Wed, Apr 26, 2017 at 3:27 PM, Noel Kuntze <[email protected]> wrote:
>
> I just took a look at it and it seems you can change the file's name by setting the --daemon[1] parameter of ipsec starter.
>
> [1] https://github.com/strongswan/strongswan/blob/master/src/starter/starter.c#L291
>
> On 27.04.2017 00:25, Noel Kuntze wrote:
> > Hello Piyush,
> >
> > The path to the PID file is hard coded during build time.
> > Take a look at the source code of starter[1] and track the variable assignments down.
> >
> > [1] https://github.com/strongswan/strongswan/tree/master/src/starter
> >
> > Kind regards,
> > Noel
> >
> > On 27.04.2017 00:14, Piyush Agarwal wrote:
> >> Hi Noel,
> >> Thanks for your reply but I am not sure I completely understood your answer.
> >>
> >> While waiting for a reply to my question, I tried this though:
> >>
> >> 1) Downloaded strongswan-starter deb file. Unpacked it.
> >> 2) Changed IPSEC_PIDDIR in usr/sbin/ipsec file to point to /etc/ipsec.d/run (rather than /var/run)
> >> 3) Re-built the deb file
> >> 4) Installed this new deb file on my ubuntu 14.04 host
> >> 5) Now ipsec binary does report piddir to be the changed location:
> >>
> >> a@strongswan3:~$ sudo ip netns exec blue ipsec --piddir
> >> /etc/ipsec.d/run
> >>
> >> But charon seems to still think the piddir is /var/run and hence wouldn't start the second instance.
> >>
> >> a@strongswan3:~$ sudo ip netns exec red ipsec start
> >> Starting strongSwan 5.1.2 IPsec [starter]...
> >> charon is already running (/var/run/charon.pid exists) -- skipping daemon start
> >> starter is already running (/var/run/starter.charon.pid exists) -- no fork done
> >>
> >> So obviously charon is getting its piddir from somewhere else. I am looking for source code to modify such that charon's piddir is not hardcoded to /var/run (as it currently seems to be). I'd like to make it modifiable via either a command line, conf file or some other similar way. Perhaps I may be okay to even hardcode it in my private .deb file to be /etc/ipsec.d/run rather than /var/run.
> >>
> >> Is there any pointer to achieving this? Requiring install from source code and modifying ./configure options to change piddir is just a no-go for me unfortunately.
> >>
> >> Thank you.
> >> Piyush
> >>
> >> On Wed, Apr 26, 2017 at 11:23 AM, Noel Kuntze <[email protected]> wrote:
> >>
> >> You can't do that when you start charon using "ipsec" (which implicitly calls "ipsec starter").
> >> You can do it with charon-systemd, though (but then you need to start it using systemd and you get a similar problem).
> >>
> >> On 26.04.2017 20:11, Piyush Agarwal wrote:
> >> > Hi,
> >> > I need to run multiple ipsec charon daemons in multiple mininet namespaces (perhaps some semantics change from ip namespaces).
> >> >
> >> > Sure enough, on following steps from https://wiki.strongswan.org/projects/strongswan/wiki/Netns (including piddir change), I could get multiple charon daemons running with *ip network namespaces*.
> >> >
> >> > I am not trying to achieve two things:
> >> > 1) Run multiple charon daemons with mininet namespaces
> >> > 2) Be able to do so without requiring piddir configuration option change.
> >> >
> >> > Regarding (1): I am not sure if mininet namespaces provide for bind mounting anything /etc/netns/<namespace name>/ to /etc/ for the process running in that network namespace -- if it doesn't, I will bind mount manually before starting charon/ipsec. So this should be okay.
> >> >
> >> > But, I am trying to find how I can do away with the piddir configuration change and make it work directly from the deb file install. Is there no way to achieve this? No environment variable that can be set?
> >> >
> >> > Appreciate any comments/directions/pointers.
> >> >
> >> > Thank you.
> >> > Piyush
> >> >
> >> >
> >> > --
> >> > Piyush Agarwal
> >> > Life can only be understood backwards; but it must be lived forwards.
> >> >
> >> >
> >> > _______________________________________________
> >> > Users mailing list
> >> > [email protected]
> >> > https://lists.strongswan.org/mailman/listinfo/users
> >>
> >> --
> >> Noel Kuntze
> >> IT security consultant
> >>
> >> GPG Key ID: 0x0739AD6C
> >> Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
