[Swan-dev] Converting all test cases to not use ipsec.conf.common
Antony Antony
antony at phenome.org
Wed Oct 4 08:30:42 UTC 2017
How about one level of "also="
A few globally well defined connections with one connection per file e.g.
westnet-eastnet.conf in /testing/baseconfig/etc/ipsec.d.
This file do not contain "also=" line. However, they are not necessary full
connection.
The test specific config: basic-pluto-01/ipsec.conf
will have include /etc/ipsec.d/westnet-eastnet.conf
and one or more "also=" if necessary.
swa-prep will copy /testing/baseconfig/etc/ipsec.d/westnet-eastnet.conf to
/etc/ipsec.d
In short,
basic-pluto-01/ipsec.conf could have multiple "also=" lines and
westnet-eastnet.conf should not contain an "also="
On Tue, Sep 26, 2017 at 08:36:03PM -0400, Paul Wouters wrote:
>
> Hi,
>
> We have talked about this in the past, but before I go ahead, I wanted
> to ask if anyone objects to the test cases being converted to standalone
> configuration files that no longer use or need ipsec.conf.common.
>
> The advantage is that each test case is its own documentation case. This
> is very useful to our users. Right now due to the also= includes, this
> is useless to endusers as documentation.
>
> The disadvantage is that any changes that upto now could be made in an
> also= conn that is included would effect all the conns that use it.
> After this rewrite, there is no easy way to edit an include file. For
> example, if we change the rsw RSA key on west, it means changing all
> the raw RSA testcases to update the *.conf files.
>
> I've made the changes that allow me to use ipsec readwriteconf to
> convert all test cases in an automated way. If I hear now object this
> week, I'll go ahead sometime next week.
>
> Paul
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
More information about the Swan-dev
mailing list