strongswan / strongMan

Management UI for strongSwan
https://www.strongswan.org/

How to enable advanced features? For example, 'down' #146

Closed TelDragon closed 1 year ago

TelDragon commented 1 year ago

When fully using GUI configuration, do not use the swanctl.conf configuration file method.

How to enable advanced features? For example, 'down'

<https://www.strongswan.org/testing/testresults/ikev2/protoport-dual/moon.swanctl.conf>

updown = /usr/local/libexec/ipsec/_updown iptables

tobiasbrunner commented 1 year ago

You can't enable such things without code changes. What's the reason you use strongMan in the first place?

TelDragon commented 1 year ago

> You can't enable such things without code changes. What's the reason you use strongMan in the first place?

First of all, thank you to the powerful author for developing such a powerful open source software!

At first, when I learned about ipsec vpn, I found strongswan and followed the old configuration file (ipsec.conf). However, I found that this type of configuration had been abandoned and replaced by Vici swanctl. As this project is difficult for beginners to get started, they want to use GUI to manage and create this project. Later on, I learned about network manager strengths (because my system does not have a desktop, I abandoned this option) and there is also a project that has been abandoned. Finally, we chose the officially supported strongMan. I found that the project is so powerful that it can manage servers

tobiasbrunner commented 1 year ago

> As this project is difficult for beginners to get started, they want to use GUI to manage and create this project.

You think so? I feel the basic configs are quite simple and easy to understand (see e.g. the examples in the docs). The advantage is that these can easily be extended if needed.

> Later on, I learned about network manager strengths (because my system does not have a desktop, I abandoned this option) and there is also a project that has been abandoned.

The NetworkManager plugin is client-only, i.e. for roadwarriors. So that wouldn't be an option on a gateway. And what abandoned project are you referring to?

> Finally, we chose the officially supported strongMan. I found that the project is so powerful that it can manage servers

strongMan is basically just a (granted quite elaborate) proof-of-concept frontend for the vici interface. It has a lot of limitations and we don't have the resources to work on it. The server configs it generates are basically what you can find in the examples I linked above.
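
Added example, not part of the thread or of the strongSwan project's files: a minimal gateway `swanctl.conf` showing where the `updown` setting from the question sits, inside a child section under `children`. The connection and child names, addresses, certificate file and identity are constructed placeholders; only the `updown` value is taken from the question above.

```conf
# swanctl.conf (constructed example; names, addresses and certificates are placeholders)
connections {
    gw-rw {                              # hypothetical connection name
        version = 2                      # IKEv2
        local_addrs = 192.0.2.1          # documentation-range address

        local {
            auth = pubkey
            certs = gwCert.pem           # placeholder certificate file
            id = gw.example.org          # placeholder identity
        }
        remote {
            auth = pubkey
        }

        children {
            net {                        # hypothetical child name
                local_ts = 10.1.0.0/16

                # updown is a per-child setting: the daemon runs this script
                # when the CHILD_SA is established and when it is torn down.
                # Value as quoted in the question above.
                updown = /usr/local/libexec/ipsec/_updown iptables
            }
        }
    }
}
```

A file like this is loaded with `swanctl --load-conns`, independently of strongMan.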