[Openswan Users] Pluto and replication of SADs and SPDs
wieland.gmeiner at linbit.com
Tue Aug 26 13:09:15 EDT 2008
I'm trying to build a clustered ipsec gateway by replicating the Security
Associations and Security Policies pluto established with its other
endpoints. But for some reason pluto ignores these replicated SADs and SPDs
on the other clusternode when I start it there.
I prevent pluto flushing any SAD/SPD entries by a kill -KILL instead of using
the init script and when starting pluto by commenting out any flushes in the
scripts in /usr/lib/ipsec/ so pluto has the same SADs and SPDs in the same
order when starting on the other clusternode as he had on the clusternode
where he originally established the connections. I verify that pluto listens
on the service IP that is moved to the other clusternode with ifconfig before
pluto is started there.
It makes no difference whether I insert the data with setkey or directly using
the netlink PF_KEY interface.
Any hints/help appreciated.
Sorry for crossposting, not sure where I fit better and please cc me in an
Thanks a lot,
: Wieland Gmeiner Tel +43-1-8178292-57 :
: LINBIT Information Technologies GmbH Fax +43-1-8178292-82 :
: Vivenotgasse 48, A-1120 Vienna/Europe http://www.linbit.com :
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.openswan.org/pipermail/users/attachments/20080826/80086961/attachment.bin
More information about the Users