[Openswan Users] Getting IPSec policy into kernel

Christian Horn chorn at fluxcoil.net
Mon Mar 19 16:12:17 EDT 2007

On Fri, Mar 16, 2007 at 05:10:15PM -0500, Venkat Yekkirala wrote:
> I am looking for a way to have just the IPSec policy to be
> inserted into the kernel initially, and for the SAs to be
> negotiated ON DEMAND.

conn %default
in ipsec.conf does what you want?

There are drawbacks in our setup here, thou.
We have many policies that have to go through one tunnel. One way to con-
figure all of those to trigger the establishment of the needed tunnel is
using the klips-stack and adding all those policies as connections.

With netkey i havent seen such a way, i can only after establishing a tunnel
configure the other policies in an updown-script.
Maybe someone knows a better way for this, having the policies in the first
place to be able for them to trigger establishment of the tunnel.


More information about the Users mailing list