[Openswan Users] ipsec %hold

Paul Wouters paul at xelerance.com
Sun Feb 12 03:41:43 CET 2006


On Fri, 10 Feb 2006, Andrew Rice wrote:

> ok I have a question...what does %hold mean when you pull an ipsec eroute?

A security policy exists for the remote end, but the security association is
not up, so packets cannot be send. In other words, we think the remote end
should be talking IPsec to us, but it isn't, so the hold prevents plaintext
packets from being sent.

Paul


More information about the Users mailing list