[Openswan dev] thoughts on openswan initscripts
dax at gurulabs.com
Mon Feb 16 12:31:45 CET 2004

On Mon, 2004-02-16 at 12:23, Paul Wouters wrote:
> > The actual configuration for the connections could/should stay in the
> > /etc/ipsec.conf file.
> ipsec.conf supports including files, so it's easy to put conns in separate
> files in /etc/ipsec.d/conns/connname.conf
> This will make it easier for any redhat-config-* tool to work on it.

That sounds good.
BTW, the redhat-config-* tools have been renamed to system-config-*.

> > BTW, the way I've done the Red Hat / IPsec thing is to have no linkage
> > with the ifcfg scripts and define all my connections in /etc/ipsec.conf.
> > And when I want to bring up my tunnels, I do:
> > service ipsec start
> The service (or rather pluto) should start in time to prevent packets meant
> for ipsec tunnels to go out the default gateway. So yes, starting the service
> is always needed.

That's reasonable. In my case it didn't matter since packets meant for
those ipsec tunnels were only generated by manual action.