[Openswan dev] thoughts on openswan initscripts

Dax Kelson dax at gurulabs.com
Mon Feb 16 12:31:45 CET 2004


On Mon, 2004-02-16 at 12:23, Paul Wouters wrote:

> > The actual configuration for the connections could/should stay in the
> > /etc/ipsec.conf file.
> 
> ipsec.conf supports including files, so it's easy to put conns in separate
> files in /etc/ipsec.d/conns/connname.conf
> This will make it easier for any redhat-config-* tool to work on it.

That sounds good.

BTW, the redhat-config-* tools have been renamed to system-config-*.

> > BTW, the way I've done the Red Hat / IPsec thing is to have no linkage
> > with the ifcfg scripts and define all my connections in /etc/ipsec.conf.
> > And when I want to bring up my tunnels, I do:
> > 
> > service ipsec start
> 
> The service (or rather pluto) should start in time to prevent packets meant
> for ipsec tunnels from going out the default gateway. So yes, starting the
> service is always needed.

That's reasonable. In my case it didn't matter since packets meant for
those ipsec tunnels were only generated by manual action.

Dax Kelson
Guru Labs


