[Openswan Users] Getting IPSec policy into kernel

Venkat Yekkirala vyekkirala at trustedcs.com
Mon Mar 19 09:46:32 EDT 2007


Nope. That only adds the connection to the *internal* database within pluto.
It doesn't (at least isn't if it was supposed to) insert the policy into the
kernel until ipsec auto --up <connection-name>.

> -----Original Message-----
> From: Marcus Carlson [mailto:marcus at mejlamej.nu]
> Sent: Saturday, March 17, 2007 6:40 PM
> To: vyekkirala at trustedcs.com
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] Getting IPSec policy into kernel
>
>
> Hi,
>
> What about ipsec auto --add <connection-name>?
>
> As far as I know it is supposed to do what you request...
>
> Marcus
>
> Venkat Yekkirala skrev:
> > Hi,
> >
> > I am looking for a way to have just the IPSec policy to be
> > inserted into the kernel initially, and for the SAs to be
> > negotiated ON DEMAND.
> >
> > When I issue the following command, the SAs as well as the SPD
> > are loaded in the kernel.
> >
> > ipsec auto --up <connection-name>
> >
> > I have looked at the "asynchronous" option to --up, but that still
> > doesn't result in ONLY the IPSec policy being loaded into the SPD.
> >
> > Thanks,
> >
> > venkat
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Building and Integrating Virtual Private Networks with Openswan:
> >
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155



More information about the Users mailing list