[Openswan Users] Getting IPSec policy into kernel
Christian Horn
chorn at fluxcoil.net
Mon Mar 19 16:12:17 EDT 2007
On Fri, Mar 16, 2007 at 05:10:15PM -0500, Venkat Yekkirala wrote:
>
> I am looking for a way to have just the IPSec policy to be
> inserted into the kernel initially, and for the SAs to be
> negotiated ON DEMAND.
Maybe
----------
conn %default
auto=route
----------
in ipsec.conf does what you want?
There are drawbacks in our setup here, thou.
We have many policies that have to go through one tunnel. One way to con-
figure all of those to trigger the establishment of the needed tunnel is
using the klips-stack and adding all those policies as connections.
With netkey i havent seen such a way, i can only after establishing a tunnel
configure the other policies in an updown-script.
Maybe someone knows a better way for this, having the policies in the first
place to be able for them to trigger establishment of the tunnel.
Christian
More information about the Users
mailing list