Hi, Maybe charon-cmd is more useful for this use case. Other than that, you could script something with vici to create and initiate the configurations programmatically.
Kind regards Noel On 13.06.2018 22:27, Felipe Arturo Polanco wrote: > Hi, > > I would like to dynamically create connections to multiple IPSec peers based > on a child template. > > One missing piece I still have is how to override the traffic selector of a > child connection declared in swanctl.conf > > My child connection has this: > remote_ts = dynamic[udp/4789],dynamic[icmp] > > I would like to override this local_ts whenever I run: > swanctl --initiate --child myipsec1 --source <local_ip> --remote <peer_ip> > > I would like to add a specific subnet that is accessible through my peer, the > equivalent ts would be like this: > remote_ts = dynamic[udp/4789],dynamic[icmp],172.16.35.0/24 > <http://172.16.35.0/24> > > I do have dozens of peers and each has a specific subnet behind them. > > Is there any way of specifying/modifying the traffic selector of a connection > child to achieve this? > > Thanks,
signature.asc
Description: OpenPGP digital signature
