[Openswan Users] Re: Re: [Openswan dev] Help: How to add messages to show the tunnel's status?

Henrik Nordstrom hno at marasystems.com
Mon Feb 16 22:12:04 CET 2004


On Mon, 16 Feb 2004, swcims wrote:

> But I am still confused with manual keying. Yes, I can use "manual --up"
> to bring it up, but this doesn't mean the tunnel has been set up
> correctly (I am sorry but I think this method is not precise enough).

As far as IPSec is concerned there is nothing more to it. It is not like
auto keying where IKE negotiates the properties of the connection. When
you are doing manual keying you are maintaining the tunnel state manually
at both ends, independent of each other. If there is a mismatch in the
parameters, forwarded traffic will not get accepted by the other end.

> "Connected" means that two sides can communicate by the tunnel.

The only way to guarantee this with manual keying is to run some form of
communications test over the tunnel.

Regards
Henrik
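
A toy model of the point made in the reply above, added here as an example and not part of the original post or of Openswan's code: each end loads its hand-entered parameters independently, "up" succeeds at both ends regardless, and only a round-trip test exposes a mismatch. The `ManualSA` class, the `probe` function, the single SA shared by both directions and the truncated HMAC-SHA1 integrity check are simplifying assumptions.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

@dataclass
class ManualSA:
    """One end's hand-entered state (toy model, not Openswan's own structures)."""
    spi: int
    auth_key: bytes

    def up(self) -> bool:
        # Loading a manual SA only installs local state. Nothing is negotiated,
        # so this succeeds whatever the peer has configured.
        return True

    def _icv(self, data: bytes) -> bytes:
        return hmac.new(self.auth_key, data, hashlib.sha1).digest()[:12]

    def protect(self, payload: bytes) -> bytes:
        header = struct.pack("!I", self.spi)
        return header + payload + self._icv(header + payload)

    def accept(self, packet: bytes):
        """Return the payload, or None when the packet is dropped."""
        if len(packet) < 16:
            return None
        header, payload, icv = packet[:4], packet[4:-12], packet[-12:]
        if struct.unpack("!I", header)[0] != self.spi:
            return None  # SPI does not match the locally configured SA
        if not hmac.compare_digest(icv, self._icv(header + payload)):
            return None  # key mismatch: integrity check fails
        return payload

def probe(local: ManualSA, remote: ManualSA) -> bool:
    """Communications test: a nonce must survive the round trip."""
    nonce = os.urandom(8)
    request = remote.accept(local.protect(nonce))
    if request is None:
        return False
    return local.accept(remote.protect(request)) == nonce

# Constructed sample parameters, not taken from any real configuration.
left = ManualSA(spi=0x200, auth_key=b"constructed-key-A")
right_ok = ManualSA(spi=0x200, auth_key=b"constructed-key-A")
right_typo = ManualSA(spi=0x200, auth_key=b"constructed-key-B")
right_spi = ManualSA(spi=0x201, auth_key=b"constructed-key-A")
```

All four objects report `up()` as true, but `probe(left, right_typo)` and `probe(left, right_spi)` fail while `probe(left, right_ok)` succeeds.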


