[Openswan Users] Pluto and replication of SADs and SPDs
Wieland Gmeiner
wieland.gmeiner at linbit.com
Tue Aug 26 13:09:15 EDT 2008
Hi all,

I'm trying to build a clustered IPsec gateway by replicating the Security
Associations and Security Policies pluto established with its other
endpoints. But for some reason pluto ignores these replicated SADs and SPDs
on the other cluster node when I start it there.

I prevent pluto from flushing any SAD/SPD entries by using kill -KILL instead
of the init script and, when starting pluto, by commenting out any flushes in
the scripts in /usr/lib/ipsec/, so pluto has the same SADs and SPDs in the same
order when starting on the other cluster node as it had on the cluster node
where it originally established the connections. I verify that pluto listens
on the service IP that is moved to the other cluster node with ifconfig before
pluto is started there.

It makes no difference whether I insert the data with setkey or directly using
the netlink PF_KEY interface.

Any hints/help appreciated.

Sorry for crossposting, I'm not sure where this fits better, and please cc me
in an answer.

Thanks a lot,
--
: Wieland Gmeiner Tel +43-1-8178292-57 :
: LINBIT Information Technologies GmbH Fax +43-1-8178292-82 :
: Vivenotgasse 48, A-1120 Vienna/Europe http://www.linbit.com :