Hi Marco, > Which is the correct way to start strongswan > without 'ipsec start' ?
You could start charon directly (see e.g. the script from our testing environment that Andreas referenced). On the other hand, you could also just continue to use starter (i.e. build with --enable-stroke) and just leave the ipsec.conf/ipsec.secrets files empty and don't load the stroke plugin (i.e. define charon.plugins.stroke.load = no in strongswan.conf or the config snipped in /etc/strongswan.d/charon). Regards, Tobias
