[Openswan Users] manual keying and NAT-Traversal
Paul Wouters
paul at xelerance.com
Mon Jun 2 12:13:54 EDT 2008
On Mon, 2 Jun 2008, nooroon wrote:
> I didn't find any config which uses both manual keying and NAT-Traversal.
> In fact, I have not tried yet, but I was wondering if it's possible with
> openswan, since the NAT-Traversal RFC specifies that it has to be negotiated
> in IKE phase 1. And of course, with manual keying, IKE is not used anymore.
>
> Has anyone tried this config?
Manual keying is "do not use IKE". So yes, this would not be possible.
From the (new) man page entry:
CONN PARAMETERS: MANUAL KEYING
This command was obsoleted around the same time that Al Gore invented the
internet. ipsec manual was used in the jurassic period to load static
keys into the kernel. There are no rational reasons to use this, and
it is not supported anymore. If you need to create static SAs, then you
can use ipsec spi and ipsec eroute.
No rational person uses static keys. They are not easier to use.
REPEAT: they are not easier to use.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155