List:       strongswan-announce
Subject:    Re: [strongSwan-dev] [PATCH v2 1/1] feature 3590: support modular conf and secrets files
From:       Noel Kuntze <noel.kuntze+strongswan-dev-ml () thermi ! consulting>
Date:       2020-10-10 13:39:04
Message-ID: 14e29c59-32b1-70de-9bfc-2407e19e7b7d () thermi ! consulting

Already supported OOTB, just needs to add "include" and the path in the config files.

Starter and by extension stroke and ipsec.conf and ipsec.secrets are deprecated and
hence this probably won't be merged. Use swanctl instead.

On 10.10.20 at 02:41, Philip Prindeville wrote:
> From: Philip Prindeville <philipp@redfish-solutions.com>
> 
> As certs, CAs, keys, etc. are all contained individually in their
> own files, so should it be with configurations and secrets.  This
> makes managing a VPN concentrator with scripts easier since you
> don't have to worry about replacing/deleting/etc parts of a file:
> you either write the entire file, or you delete the entire file.
> 
> Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
> ---
> man/ipsec.secrets.5.in    | 2 +-
> src/starter/Makefile.am   | 2 ++
> src/starter/ipsec.conf    | 2 ++
> src/starter/ipsec.secrets | 2 ++
> 4 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in
> index 15e36faff30ff50cbdc3cbe1793feeef46d7e880..9b06458a196946a8a9c719f1d1f2c1a8d4c696ad \
>                 100644
> --- a/man/ipsec.secrets.5.in
> +++ b/man/ipsec.secrets.5.in
> @@ -27,7 +27,7 @@ carol : XAUTH "4iChxLT3"
> dave  : XAUTH "ryftzG4A"
> 
> # get secrets from other files
> -include ipsec.*.secrets
> +include ipsec.d/secrets/*
> .fi
> .RE
> .LP
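
Review bot: The example line `include ipsec.*.secrets` is replaced rather than kept, so the man page no longer shows the suffix-restricted form, and the hunk adds no text explaining the new ipsec.d/secrets directory. Keep the old example next to the new one, or add a sentence describing the directory and the permissions its files are expected to have.
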
> diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
> index 298a1fb5782776b5f869cbada1f768cbbf0528f9..107cea630223039e6104a0fcbd80b1fcaee98c46 \
>                 100644
> --- a/src/starter/Makefile.am
> +++ b/src/starter/Makefile.am
> @@ -68,4 +68,6 @@ install-exec-local :
> 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d \
> "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true  test -e \
> "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 \
> "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true  test -e \
> "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf \
> $(DESTDIR)$(sysconfdir)/ipsec.conf || true +		test -e \
> "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d -m 750 \
> "$(DESTDIR)$(sysconfdir)/ipsec.d/conf" || true  test -e \
> "$(DESTDIR)$(sysconfdir)/ipsec.secrets" || $(INSTALL) -m 600 \
> $(srcdir)/ipsec.secrets $(DESTDIR)$(sysconfdir)/ipsec.secrets || true +		test -e \
> "$(DESTDIR)${sysconfdir}/ipsec.d/conf" || $(INSTALL) -d -m 700 \
>                 "$(DESTDIR)$(sysconfdir)/ipsec.d/secrets" || true
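
Review bot: The second added line tests the wrong path: it checks `test -e "$(DESTDIR)${sysconfdir}/ipsec.d/conf"` but installs `"$(DESTDIR)$(sysconfdir)/ipsec.d/secrets"`. The first added line has just created ipsec.d/conf, so this test succeeds and ipsec.d/secrets is never created with mode 700, leaving the new `include ipsec.d/secrets/*` without a directory to read. Change the test to check ipsec.d/secrets.
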
> diff --git a/src/starter/ipsec.conf b/src/starter/ipsec.conf
> index a33d68c0a34aaa30dd3c8a0f31dfe74ef609ded8..2c82a9f774c5c3542f953890d63cdb3caf83c0e5 \
>                 100644
> --- a/src/starter/ipsec.conf
> +++ b/src/starter/ipsec.conf
> @@ -26,3 +26,5 @@ config setup
> #      rightsubnet=10.2.0.0/16
> #      rightid="C=CH, O=Linux strongSwan CN=peer name"
> #      auto=start
> +
> +include ipsec.d/conf/*.conf
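
Review bot: The added `include ipsec.d/conf/*.conf` at the end of the default ipsec.conf carries no comment saying what it does, and the diffstat shows only the ipsec.secrets man page being updated. Add a one-line comment above it, in the style of the `# get secrets from other files` line in the secrets man page example, and document the directory on the ipsec.conf side as well.
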
> diff --git a/src/starter/ipsec.secrets b/src/starter/ipsec.secrets
> index dae7709a126b6a82c4a6a77a9a9dd087b1e6f8c7..6b3b8964a26df3c10b05f93a1b6a29d43d3c0bf5 \
>                 100644
> --- a/src/starter/ipsec.secrets
> +++ b/src/starter/ipsec.secrets
> @@ -1 +1,3 @@
> # ipsec.secrets - strongSwan IPsec secrets file
> +
> +include ipsec.d/secrets/*
> 
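
Review bot: `include ipsec.d/secrets/*` matches every file in the directory, while the ipsec.conf include is limited to `*.conf`. A script that leaves a temporary or backup file in ipsec.d/secrets would have it parsed as secrets; restrict the glob to a suffix, for example `*.secrets`, to match the conf side.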

-- 
Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C

