Hello everyone, I would like to finally drop the ipsec.conf and ipsec.secrets configuration files from my strongswan ipsec gateway. I have a couple of questions to ask.
I'm running strongswan 5.6.2 on Slackware Linux (still systemd free). On my test bed, ipsec.conf and ipsec.secrets are those shipped with strongswan: they are both empty.

I'm starting strongswan with the old 'ipsec start', and afterwards I issue the command 'swanctl -q' to load the configuration files under /etc/swanctl/conf.d/*. Am I right? Or is there a smarter way to start strongswan without the old 'ipsec' script?

The second question is about the file format when multiple remote_ts need to be defined and ikev1 must be used. Here is my example:

    children {
        net-0ab10000 {
            local_ts = 10.139.10.0/23
            remote_ts = 10.177.0.0/16
            rekey_time = 8h
            start_action = trap
            esp_proposals = aes128-sha1-modp1024,aes256-sha1-modp1024
        }
        net-0ab40000 {
            local_ts = 10.139.10.0/23
            remote_ts = 10.180.0.0/16
            rekey_time = 8h
            start_action = trap
            esp_proposals = aes128-sha1-modp1024,aes256-sha1-modp1024
        }
    }

Is there a way to avoid writing the parameters common to all the children sections (rekey_time, esp_proposals...) in every section?

Thanks in advance