[Openswan dev] Pluto and replication of SADs and SPDs
Wieland Gmeiner
wieland.gmeiner at linbit.com
Wed Aug 27 08:15:30 EDT 2008
Hi all,
I'm trying to build a clustered IPsec gateway (to skip tunnel negotiation in
case of cluster node failover) by replicating the Security Associations and
Security Policies pluto established with its other tunnel endpoints. But for
some reason pluto or ipsec ignores these replicated SADs and SPDs on the
other cluster node when I start it there.
I prevent pluto from flushing any SAD/SPD entries by using kill -KILL instead of
the init script and, when starting pluto, by commenting out any flushes
in the scripts in /usr/lib/ipsec/, so pluto has the same SADs and SPDs in
the same order when starting on the other cluster node as it had on the
cluster node where it originally established the connections. I verify with
ifconfig that the service IP moved to the other cluster node is present, so that
pluto listens on it, before pluto is started there.
It makes no difference whether I insert the data with setkey or directly
using the netlink PF_KEY interface.
Any hints/help appreciated.
Sorry for crossposting, not sure where my problem fits better.
Thanks a lot,
--
: Wieland Gmeiner Tel +43-1-8178292-57 :
: LINBIT Information Technologies GmbH Fax +43-1-8178292-82 :
: Vivenotgasse 48, A-1120 Vienna/Europe http://www.linbit.com :