[Openswan dev] Patch for review
Paul Wouters
paul at xelerance.com
Tue Apr 27 09:47:41 EDT 2010
On Tue, 27 Apr 2010, David McCullough wrote:
>> Hold is used for static tunnels when you don't want traffic to pass
>> clear over internet.
>
> Is that under netkey only ?
No.
> I ask because using klips I haven't seen this behaviour. Esp. on a static
> tunnel. I think the only cases on clear text I have seen with klips are
> before pluto has started, or before the tunnel has been started (most likely
> routed). If this isn't right I'd like to know ;-)
It should be. If you have a conn between 10.0.1.0 and 10.0.2.0 and you
auto=add it, there should be a %hold preventing packet flow until the
tunnel is started on either end.
Paul
More information about the Dev
mailing list