Lines 235-258
|
235 |
if use non-root; then |
235 |
if use non-root; then |
236 |
elog |
236 |
elog |
237 |
elog "${PN} has been installed without superuser privileges (USE=non-root)." |
237 |
elog "${PN} has been installed without superuser privileges (USE=non-root)." |
238 |
elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'" |
|
|
239 |
elog "but also a few to the IKEv2 daemon 'charon'." |
240 |
elog |
238 |
elog |
241 |
elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" |
239 |
elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot" |
242 |
elog |
240 |
elog |
243 |
elog "pluto uses a helper script by default to insert/remove routing and" |
241 |
elog "If you require a custom updown script which requires superuser" |
244 |
elog "policy rules upon connection start/stop which requires superuser" |
242 |
elog "privileges, you can work around this limitation by using sudo to" |
245 |
elog "privileges. charon in contrast does this internally and can do so" |
243 |
elog "grant the user \"${UGID}\" the appropriate rights." |
246 |
elog "even with reduced (user) privileges." |
|
|
247 |
elog |
248 |
elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown" |
249 |
elog "script to pluto or charon which requires superuser privileges, you" |
250 |
elog "can work around this limitation by using sudo to grant the" |
251 |
elog "user \"ipsec\" the appropriate rights." |
252 |
elog "For example (the default case):" |
244 |
elog "For example (the default case):" |
253 |
elog "/etc/sudoers:" |
245 |
elog "/etc/sudoers.d/strongswan:" |
254 |
elog " Defaults:ipsec always_set_home,!env_reset" |
246 |
elog " Defaults:${UGID} always_set_home,!env_reset" |
255 |
elog " ipsec ALL=(ALL) NOPASSWD: /usr/sbin/ipsec" |
247 |
elog " ${UGID} ALL=(ALL) NOPASSWD: /usr/sbin/ipsec _updown" |
256 |
elog "Under the specific connection block in /etc/ipsec.conf:" |
248 |
elog "Under the specific connection block in /etc/ipsec.conf:" |
257 |
elog " leftupdown=\"sudo ipsec _updown\"" |
249 |
elog " leftupdown=\"sudo ipsec _updown\"" |
258 |
elog |
250 |
elog |
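Review bot: The new sudoers example keeps `!env_reset` on the `Defaults:${UGID}` line, so the entire environment of the unprivileged daemon user is passed into the root-run `ipsec _updown`. Restricting the command to `/usr/sbin/ipsec _updown` is a good tightening, but an unfiltered environment undoes part of it. The updown script only needs the PLUTO_* variables the daemon exports, so consider suggesting `Defaults:${UGID} always_set_home, env_keep += "PLUTO_*"` instead. The runas spec `ALL=(ALL)` could likewise be narrowed to `(root)`, since nothing here needs to run as any other user. While the message is being touched, the elog text also no longer says why sudo is needed at all (the removed lines explained that the helper script inserts routing and policy rules), so one sentence of that rationale would be worth keeping for users who read only the post-install output.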