[Openswan Users] Documentation of auto=route
Paul Wouters
paul at xelerance.com
Wed Jul 22 17:33:55 EDT 2009
On Wed, 22 Jul 2009, Erich Titl wrote:
> I am using *Swan for a number of years with pretty good success on many
> systems. Until now I was quite satisfied with auto=add vs auto=start
> settings. Is there a comprehensive documentation of all the functions
> 'auto' can do? I tried to find information on auto=route to start with.
From "man ipsec.conf":

    auto
        what operation, if any, should be done automatically at IPsec
        startup; currently-accepted values are add (signifying an ipsec
        auto --add), route (signifying that plus an ipsec auto --route),
        start (signifying that plus an ipsec auto --up), manual (signifying
        an ipsec manual --up), and ignore (also the default) (signifying no
        automatic startup operation). See the config setup discussion
        below. Relevant only locally, other end need not agree on it (but
        in general, for an intended-to-be-permanent connection, both ends
        should use auto=start to ensure that any reboot causes immediate
        renegotiation).

and (focussed mostly on klips but by now should also work on netkey, apart
from the "most specific route" part):

    When choosing a connection to apply to an outbound packet caught with a
    %trap, the system prefers the one with the most specific eroute that
    includes the packet's source and destination IP addresses. Source
    subnets are examined before destination subnets. For initiating, only
    routed connections are considered. For responding, unrouted but added
    connections are considered.

Volunteers to help us fill up the new wiki are welcome to email me and I will
set them up with access to the new wiki :)
Paul
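
Added example (not part of the original post and not Openswan code): a small Python model of the selection rule quoted from the man page, showing how auto=add and auto=route change which connection is picked. The connection names and subnets are constructed, and ranking by source prefix length before destination prefix length is an assumed reading of "source subnets are examined before destination subnets".

```python
import ipaddress
from dataclasses import dataclass

# Startup state implied by each auto= value, per the man page text quoted above.
ADDED = {"add", "route", "start"}   # loaded, so usable when responding
ROUTED = {"route", "start"}         # also routed, so usable when initiating


@dataclass
class Conn:
    name: str
    auto: str
    src: str  # local (source) subnet
    dst: str  # remote (destination) subnet


def select(conns, src_ip, dst_ip, initiating):
    """Return the name of the connection chosen for the packet, or None."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    eligible = ROUTED if initiating else ADDED
    best, best_key = None, None
    for c in conns:
        if c.auto not in eligible:
            continue  # e.g. auto=add never initiates from a trapped packet
        sn, dn = ipaddress.ip_network(c.src), ipaddress.ip_network(c.dst)
        if s not in sn or d not in dn:
            continue  # the eroute must include both addresses
        # Assumed ranking: longer source prefix wins, destination breaks ties.
        key = (sn.prefixlen, dn.prefixlen)
        if best_key is None or key > best_key:
            best, best_key = c.name, key
    return best


# Constructed sample connections (hypothetical names and subnets).
CONNS = [
    Conn("site-wide", "route", "10.1.0.0/16", "10.2.0.0/16"),
    Conn("db-only", "add", "10.1.5.0/24", "10.2.9.0/24"),
    Conn("lab", "route", "10.1.5.0/24", "10.2.0.0/16"),
    Conn("unused", "ignore", "10.1.5.7/32", "10.2.9.3/32"),
]

if __name__ == "__main__":
    print(select(CONNS, "10.1.5.7", "10.2.9.3", initiating=True))
    print(select(CONNS, "10.1.5.7", "10.2.9.3", initiating=False))
```

In this model the most specific match, db-only, is skipped when initiating because it is only added, so the packet is handled by the broader routed connection lab.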