[Openswan Users] Tunnel on demand?
Stefan Denker
Stefan at dn-kr.de
Wed Oct 25 10:11:15 EDT 2006
On Fri, Oct 20, 2006 at 09:48:25PM +0200, Paul Wouters wrote:
>> So, I have to figure out some way to implement "Dial on demand" with
>> openswan, some way to transparently establish the tunnel if some local
>> machine tries to connect to some remote machine. Any hints about how to
>> do that?
> Opportunistic Encryption can do that, but not to a Cisco box. And it
> requires "first packet caching", which klips supports but netkey does
> not.
I guess i could switch to klips, but this wouldn't help me...
But I guess retransmition of the first packet would deal with this.
> So I'm afraid, you'll have to do something strange, like change routing
> into some other device, eg like the old ppp dailup scripts, which used
> a dummy route into 127.0.0.2 into some device that triggered the setup
> of the tunnel.
Ok, I am going to do something strange. Maybe I'll post about how I did
it once I got it working.
Before I get started I got another question: Which is the "official" way
to see whether a connection is established or not? I know "ipsec auto
--status" will give me the information needed, but it gives a lot more.
:)
And (but this is maybe better posted to the developer mailing list)
speaking of "ipsec auto --status": Which states (STATE_MAIN_I1,
STATE_QUICK_R2) can a connection be in? Is there a documentation ( apart
from *.c *g* ) of these somewhere?
And last but not least: Is there a nagios plugin to monitor the status
of a tunnel? So people finding command lines offensive would at least be
able to check the tunnels' status.
Thanks for the help so far...
Stefan, as usual asking too many questions.
--
Die 10 Gebote sind deshalb so kurz und verständlich, weil sie ohne
Mitwirkung einer Expertenkommission entstanden sind.
[de Gaulle, Charles]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20061025/54d84f75/attachment.bin
More information about the Users
mailing list