Usage

1. Configuration files/directories used by strongSwan:

   • ipsec.conf

   • ipsec.secrets

   • ipsec.d/*/* (optional)

   • strongswan.conf (optional)

   • strongswan.d/*/* (optional)

2. strongSwan’s configuration base directory:

   # ipsec --confdir
   /etc/ike
   

3. strongSwan’s PID directory:

   # ipsec --piddir
   /etc/ike/ipsec.d/run
   

Depending on your configuration, IKE negotiations may be:

• initiated at startup,

• triggered by dataplane traffic requesting IPsec SAs, or

• triggered by an IKE negotiation request received from a remote IKE host.

See also

For more information, see the reference guide and configuration examples

Configuration Examples

• Configuration example without VRF
• Configuration example with VRF