LinuxQuestions.org


readmore 10-14-2014 11:42 PM

openswan - include statement in ipsec.conf & ipsec.secrets
 
Hello LQ,

I've been studying openswan and do have it successfully connecting to a Cisco router. ISAKMP & IPsec SA(s) come up. 2-way traffic is seen across tunnel.

Just curious...though.

I put an "include" statement in both /etc/ipsec.conf & /etc/ipsec.secrets as follows:

Code:

op@deb7test:/etc$ cat /etc/ipsec.conf | grep include
include /etc/ipsec.d/ipsec.*.conf

op@deb7test:/etc$ sudo cat /etc/ipsec.secrets | grep include
include /etc/ipsec.d/ipsec.*.secrets

op1@deb7test:/etc/ipsec.d$ ls -l | grep ipsec\.
-rw-r--r-- 1 root root  243 Oct 14 22:35 ipsec.testopenswan.conf
-rw------- 1 root root  34 Oct 14 22:36 ipsec.testopenswan.secrets

op1@deb7test:/etc/ipsec.d$ cat ipsec.testopenswan.conf | grep conn
conn testopenswan

So here's the question.... When I run the command 'sudo ipsec auto --up testopenswan', how does openswan know which secrets file to use for the pre-shared key?

In this case there is only one .secrets file, but if I had multiple "profiles" (conf & secrets files), I'm wondering how it knows to choose the correct secrets file?

Maybe it goes by filename (?) (and I just lucked out, else it would have been yet more troubleshooting and less hair!).
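The post above asks how the daemon picks the right secrets file. It does not go by filename: pluto reads every file matched by the include globs into one pool of secrets and then selects a PSK by the index at the start of each line (the IP addresses or IDs of the two endpoints, with %any as a wildcard). The script below is an added example, not code from the post or from the Openswan project. It mimics that behaviour on constructed sample files in a temporary directory: it follows `include` globs, picks a PSK by endpoint pair, and flags any secrets file that is not mode 0600 (the `ls -l` in the post shows the expected permissions). The `%any` scoring is a simplification of pluto's best-match logic.

```python
"""Added example (not from the LQ post or the Openswan project): a reader for
ipsec.secrets-style files that follows `include` globs and chooses a PSK by
the endpoint-ID index at the start of each line, not by filename."""
import glob
import os
import shlex
import stat
import tempfile


def load_secrets(path, seen=None):
    """Collect (ids, kind, secret, source_file) tuples from `path`, recursing
    into every file matched by an `include` glob. Relative patterns are
    resolved against the directory of the including file."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen:                      # guard against an include loop
        return []
    seen.add(real)
    entries = []
    with open(path) as fh:
        for raw in fh:
            # Simplification: a '#' inside a quoted secret is not handled.
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            if line.startswith("include "):
                pattern = line.split(None, 1)[1].strip()
                if not os.path.isabs(pattern):
                    pattern = os.path.join(os.path.dirname(path), pattern)
                for inc in sorted(glob.glob(pattern)):
                    entries.extend(load_secrets(inc, seen))
                continue
            if ":" not in line:
                continue
            index, body = line.split(":", 1)
            parts = shlex.split(body)     # e.g. ['PSK', 'the-secret']
            if len(parts) < 2:
                continue
            ids = index.split() or ["%any"]   # empty index matches any host
            entries.append((ids, parts[0], parts[1], path))
    return entries


def find_psk(entries, local, remote):
    """Return (secret, source_file) for the PSK whose ID list covers both
    endpoints, preferring exact IDs over %any (simplified best-match)."""
    best, best_score = None, -1
    for ids, kind, secret, src in entries:
        if kind != "PSK":
            continue
        score = 0
        for endpoint in (local, remote):
            if endpoint in ids:
                score += 2
            elif "%any" in ids:
                score += 1
            else:
                score = -1                # this line cannot serve this pair
                break
        if score > best_score:
            best, best_score = (secret, src), score
    return best


def unsafe_secret_files(entries):
    """List included files that are group- or world-accessible; secrets
    are expected to be root-owned and mode 0600."""
    bad = []
    for src in sorted({e[3] for e in entries}):
        mode = stat.S_IMODE(os.stat(src).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            bad.append(src)
    return bad


def build_demo():
    """Constructed sample: a main secrets file that includes two profile
    files, mirroring the include line from the post. Returns the main path."""
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "ipsec.d"))
    main = os.path.join(base, "ipsec.secrets")
    with open(main, "w") as fh:
        fh.write("include %s\n" % os.path.join(base, "ipsec.d", "ipsec.*.secrets"))
    profiles = {   # constructed addresses from the RFC 5737 documentation ranges
        "ipsec.testopenswan.secrets": '192.0.2.10 198.51.100.1 : PSK "example-router-key"\n',
        "ipsec.other.secrets": '192.0.2.10 203.0.113.9 : PSK "other-router-key"\n',
    }
    for name, body in profiles.items():
        p = os.path.join(base, "ipsec.d", name)
        with open(p, "w") as fh:
            fh.write(body)
        os.chmod(p, 0o600)
    # Deliberately loosen one file so the permission check has something to flag.
    os.chmod(os.path.join(base, "ipsec.d", "ipsec.other.secrets"), 0o644)
    return main


if __name__ == "__main__":
    secrets = load_secrets(build_demo())
    print(find_psk(secrets, "192.0.2.10", "198.51.100.1"))
    print("loose permissions:", unsafe_secret_files(secrets))
```

The lookup for the pair 192.0.2.10 / 198.51.100.1 lands on the testopenswan key even though both profile files are loaded, which is the point: the line index, not the file name, decides.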

