Need to do 'swanctl --load-all' every boot

To: debian-user@lists.debian.org
Subject: Need to do 'swanctl --load-all' every boot
From: "Sijmen J. Mulder" <ik@sjmulder.nl>
Date: Thu, 8 Apr 2021 12:51:22 +0200
Message-id: <[🔎] 20210408125122.3917a18c8899f56868f41ba3@sjmulder.nl>

Hi all,

I've set up an IPsec + IKEv2 VPN server ('road warrior' set up) on
Debian 10 with StrongSwan. It was my understanding that
/etc/strongswan.d/swanctl.conf is the modern way to configure it
so that's what I did.

But now after every boot I have to run 'swanctl --load-all' to be able
to be able to authenticate with the VPN. I found a slightly related
Stack Exchange post[1] which talks about charon-systemd vs.
starter/chron and to be honest it's not quite clear to me what these
different parts are supposed to do.

These are the strongswan and charon packages I have installed:

 charon-systemd
 libcharon-extra-plugins
 libstrongswan
 libstrongswan-extra-plugins
 libstrongswan-standard-plugins
 strongswan-charon
 strongswan-libcharon
 strongswan-starter
 strongswan-swanctl

So it looks like *both* the starter and charon-systemd are installed.
But when I remove the starter the service doesn't seem to work at all -
I can't initiate IPsec connections to the machine then.

There is of course the StrongSwan documentation but it didn't help me
in this aspect.

Any ideas?

Thanks,
Sijmen Mulder

1: https://unix.stackexchange.com/questions/557032/how-to-start-a-swanctl-conf-configured-tunnel-automatically

Reply to:

Follow-Ups:
- Re: Need to do 'swanctl --load-all' every boot
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: .profile not being src'd at login on uptodate buster
Next by Date: Re: Boot better have mounted on root or /boot ?
Previous by thread: Re: Boot better have mounted on root or /boot ?
Next by thread: Re: Need to do 'swanctl --load-all' every boot
Index(es):
- Date
- Thread