Page MenuHomeVyOS Platform

Add charon settings to 1.2.x configuration CLI


There are several settings in /etc/strongswan.d/charon.conf that should be configurable.

install_routes and install_virtual_ip in particular have defaults that tend to cause me grief.


Difficulty level
Normal (likely a few hours)
20160524 nightly build
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

install_routes sets a default route in table 220. If this happens on both ends of the tunnel you end up with a circular route.
install_virtual_ip attempts to install an address on the local interface for the ip used in the tunnel

syncer triaged this task as Wishlist priority.May 25 2016, 3:36 AM

abferm, could you work out which other settings would be typically employed w/ a syntax proposal. This way we would implement all at once (saving time).

The full list of options is available here

I can search around and see if I can find any examples of people changing these options and figure out which are commonly used.

As far as syntax, how does putting them in a subsection of "vpn ipsec" called 'daemon' sound, ie: 'set vpn ipsec daemon install_routes no"

I've found examples of people setting accept_unencrypted_mainmode_messages, cisco_unity, ikesa_table_segments, ikesa_table_size, and init_limit_half_open.

However, reading through the descriptions many of the options sound useful. It shouldn't be too hard to implement all of them, should it?

syncer raised the priority of this task from Wishlist to High.Jun 25 2018, 10:06 AM
syncer changed the subtype of this task from "Task" to "Feature Request".Oct 18 2018, 5:47 AM
syncer lowered the priority of this task from High to Normal.Nov 9 2018, 8:55 PM
Viacheslav changed Difficulty level from Easy (less than an hour) to Normal (likely a few hours).
Viacheslav set Is it a breaking change? to Unspecified (possibly destroys the router).