<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
auto=add<br>
<br>
<div class="moz-cite-prefix">On 04/07/2014 13:49, John Crisp wrote:<br>
</div>
<blockquote cite="mid:53B6A2DB.7050300@safeandsoundit.co.uk"
type="cite">
<pre wrap="">
Hi,
I have a working IPSEC setup with Openswan
I have a query regarding connections.
Currently the system is set with each tunnel as:
auto=start
This both makes and receives connections.
I wanted to set Openswan so it only receives connections and does not
try to make them, but having read the documentation I can't quite figure
it out.
<a class="moz-txt-link-freetext" href="http://www.linuxmanpages.com/man8/ipsec_auto.8.php">http://www.linuxmanpages.com/man8/ipsec_auto.8.php</a>
This shows an option for ' --ready' but I can't see that you can add the
same to the ipsec.conf file ?
The --ready operation tells pluto to listen for connection-setup
requests from other hosts. Doing an --up operation before doing --ready
on both ends is futile and will not work, although this is now automated
as part of IPsec startup and should not normally be an issue.
<a class="moz-txt-link-freetext" href="http://www.linuxmanpages.com/man5/ipsec.conf.5.php">http://www.linuxmanpages.com/man5/ipsec.conf.5.php</a>
auto
what operation, if any, should be done automatically at IPsec
startup; currently-accepted values are add (signifying an ipsec auto
--add), route (signifying that plus an ipsec auto --route), start
(signifying that plus an ipsec auto --up), manual (signifying an ipsec
manual --up), and ignore (also the default) (signifying no automatic
startup operation). See the config setup discussion below. Relevant only
locally, other end need not agree on it (but in general, for an
intended-to-be-permanent connection, both ends should use auto=start to
ensure that any reboot causes immediate renegotiation).
Can anyone suggest how to do this ?
B. Rgds
John
_______________________________________________
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a>
Micropayments: <a class="moz-txt-link-freetext" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
Building and Integrating Virtual Private Networks with Openswan:
<a class="moz-txt-link-freetext" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
<br>
</body>
</html>