# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
moon::cat /etc/swanctl/swanctl_base.conf
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-carol
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
cache_crls = yes
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
cache_crls = yes
}
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/x509crl/*
carol::rm /etc/swanctl/x509crl/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
}
-
plugins {
dhcp {
server = 10.1.255.255
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
venus::cat /var/state/dhcp/dhcpd.leases
venus::server isc-dhcp-server stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.rules
venus::cat /etc/dhcp/dhcpd.conf
venus::service isc-dhcp-server start 2> /dev/null
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
attr-sql {
database = sqlite:///etc/db.d/ipsec.db
pool {
load = sqlite
+ database = sqlite:///etc/db.d/ipsec.db
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
carol::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
eap-radius {
secret = gv6URkSs
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
carol::cat /etc/ipsec.d/triplets.dat
dave::cat /etc/ipsec.d/triplets.dat
alice::radiusd
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
-carol::rm -r /etc/swanctl
-dave::rm -r /etc/swanctl
-moon::rm -r /etc/swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection research
carol::expect-connection alice
carol::swanctl --initiate --child alice 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
auth {
default = 0
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
auth {
default = 0
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::rm /etc/swanctl/pkcs8/*
sun::rm /etc/swanctl/rsa/sunKey.pem
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
}
}
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
}
}
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
}
}
moon::swanctl --terminate --ike gw-gw 2> /dev/null
sun::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
-carol::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
carol::expect-connection gw-moon
carol::expect-connection gw-sun
moon::expect-connection gw-gw
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
multiple_authentication = no
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
forecast {
groups = 224.0.0.251
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
multiple_authentication = no
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
forecast {
groups = 224.0.0.251
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::rm /etc/swanctl/pubkey/*
moon::iptables-restore < /etc/iptables.rules
sun::cd /etc/swanctl; rm x509/* x509ca/*
moon::cd /etc/swanctl; rm x509/* x509ca/*
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
sun::expect-connection gw-gw
moon::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
sun::expect-connection gw-gw
moon::expect-connection gw-gw
alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
moon::sleep 0.5
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auths = /usr/local/sbin/swanctl --load-authorities
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
}
plugins {
revocation {
enable_ocsp = no
}
- }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
revocation {
enable_ocsp = no
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
carol::rm -r /etc/swanctl
dave::rm -r /etc/swanctl
moon::rm -r /etc/swanctl
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection research
carol::expect-connection home
carol::swanctl --initiate --child alice 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auths = /usr/local/sbin/swanctl --load-authorities
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection icmp
moon::expect-connection ssh
carol::expect-connection icmp
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection icmp-req
moon::expect-connection icmp-rep
moon::expect-connection ftp-ssh
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
ipseckey {
enable = yes
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
ipseckey {
enable = yes
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac vici kernel-netlink socket-default updown attr
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
moon::cd /etc/swanctl; rm x509/* x509ca/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
eap-simaka-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
plugins {
eap-simaka-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
carol::cd /etc/ipsec.d; cat tables.sql data.sql > ipsec.sql; cat ipsec.sql | sqlite3 ipsec.db
moon::cd /etc/ipsec.d; cat tables.sql data.sql > ipsec.sql; cat ipsec.sql | sqlite3 ipsec.db
carol::cd /etc/swanctl; rm rsa/* x509/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-eap
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
carol::cd /etc/swanctl; rm rsa/* x509/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-eap
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
libtls {
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
libtls {
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
hash_and_url = yes
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
hash_and_url = yes
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
hash_and_url = yes
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
auth {
default = 0
}
daemon {
- cfg = 1
- ike = 1
+ cfg = 1
+ ike = 1
}
}
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
auth {
default = 0
}
daemon {
cfg = 1
- ike = 1
+ ike = 1
}
}
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
auth {
default = 0
}
daemon {
- cfg = 1
- ike = 1
+ cfg = 1
+ ike = 1
}
- }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection net-1
moon::expect-connection net-2
carol::expect-connection home
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem
carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem
dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem
carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem
dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
auth {
default = 0
}
daemon {
- cfg = 1
- ike = 1
+ cfg = 1
+ ike = 1
}
}
}
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
auth {
default = 0
}
daemon {
cfg = 1
- ike = 1
+ ike = 1
}
}
}
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
auth {
default = 0
}
daemon {
- cfg = 1
- ike = 1
+ cfg = 1
+ ike = 1
}
- }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection net-1
moon::expect-connection net-2
carol::expect-connection home
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
}
}
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
}
}
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
}
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
moon::cd /etc/swanctl; rm x509/* x509ca/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
moon::cat /etc/swanctl/swanctl_base.conf
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-carol
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
keep_alive = 5
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
keep_alive = 5
}
-alice::service charon stop 2> /dev/null
-venus::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+alice::systemctl stop strongswan-swanctl
+venus::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
sun::iptables-restore < /etc/iptables.flush
moon::iptables -t nat -F
sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-sun::service charon start 2> /dev/null
-alice::service charon start 2> /dev/null
-venus::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+alice::systemctl start strongswan-swanctl
+venus::systemctl start strongswan-swanctl
sun::expect-connection nat-t
alice::expect-connection nat-t
venus::expect-connection nat-t
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
}
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null