[Openswan Users] Getting IPSec policy into kernel
chorn at fluxcoil.net
Mon Mar 19 16:12:17 EDT 2007
On Fri, Mar 16, 2007 at 05:10:15PM -0500, Venkat Yekkirala wrote:
> I am looking for a way to have just the IPSec policy to be
> inserted into the kernel initially, and for the SAs to be
> negotiated ON DEMAND.
in ipsec.conf does what you want?
There are drawbacks in our setup here, thou.
We have many policies that have to go through one tunnel. One way to con-
figure all of those to trigger the establishment of the needed tunnel is
using the klips-stack and adding all those policies as connections.
With netkey i havent seen such a way, i can only after establishing a tunnel
configure the other policies in an updown-script.
Maybe someone knows a better way for this, having the policies in the first
place to be able for them to trigger establishment of the tunnel.
More information about the Users