Project

General

Profile

Issue #3294

swanctl vs ipsec

Added by zhenxing huang over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Low
Category:
configuration
Affected version:
5.8.1
Resolution:
No change required

Description

HELLO
We are using ipsec now and are planning to switch to swanctl。
I encountered many problems。
e.g
A:)
I pass ./configure by default make and install,however,when initiate a connection it say that

connecting to 'unix:///var/run/charon.vici' failed: No such file or directory
Error: connecting to 'default' URI failed: No such file or directory
strongSwan 5.8.1 swanctl
usage:
  swanctl --initiate [--child <name>] [--ike <name>] [--timeout <s>] [--raw|--pretty]
           --help            (-h)  show usage information
           --child           (-c)  initiate a CHILD_SA configuration
           --ike             (-i)  initiate an IKE_SA, or name of child's parent
           --timeout         (-t)  timeout in seconds before detaching
           --raw             (-r)  dump raw response message
           --pretty          (-P)  dump raw response message in pretty print
           --loglevel        (-l)  verbosity of redirected log
           --debug           (-v)  set debug level, default: 1
           --options         (-+)  read command line options from file
           --uri             (-u)  service URI to connect to


B:)
if peer is adsl (No fixed ip),the local(remote)_addrs = ?
C:)
Can local be ipsec and remote be swanctl?
D:)
Can i disenable ipsec using swanctl only?
E:)
I think the description of swanctl.conf is not detailed enough as preferred unlike ipsec.conf
https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf

thanks.

History

#1 Updated by zhenxing huang over 2 years ago

All answers found apart from C'
swanctl can't connect to ipsec when setting secret=CMkziefH@jqfXdPS6oq5!PQXSz0G#IChj on swanctl.conf
when use secret=CMkziefHjqfXdPS6oq5PQXSz0GIChj is working.
Whether characters are not supported?

and what is 0t key format? https://users.strongswan.narkive.com/jWs09TYF/problem-in-configuring-the-strongswan-debug-messge-is-next-payload-type-of-isakmp-message-has-an

#2 Updated by Tobias Brunner over 2 years ago

  • Category set to configuration
  • Status changed from New to Feedback

Whether characters are not supported?

The # character is used for comments (the rest of the line is ignored). To use it in a config value (e.g. a secret) enclose the whole thing in double quotes (i.e. secret="CMkziefH@jqfXdPS6oq5!PQXSz0G#IChj").

and what is 0t key format?

I guess that was something FreeS/WAN supported.

#3 Updated by zhenxing huang over 2 years ago

Tobias Brunner wrote:

Whether characters are not supported?

The # character is used for comments (the rest of the line is ignored). To use it in a config value (e.g. a secret) enclose the whole thing in double quotes (i.e. secret="CMkziefH@jqfXdPS6oq5!PQXSz0G#IChj").

and what is 0t key format?

I guess that was something FreeS/WAN supported.

Thanks for your reply.
Close this please

#4 Updated by Tobias Brunner over 2 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required

Also available in: Atom PDF