[Openswan Users] Documentation of auto=route
Nick Howitt
n1ck.h0w1tt at gmail.com
Wed Jul 22 17:44:21 EDT 2009
Paul,
I have wondered about this. When I bring up a connection manually which
normally starts with auto=start in the conf file, I just do:
ipsec auto --replace (or add) my-conn
ipsec auto --up my-conn
I do not do an ipsec auto --route, but the description you have quoted
implies you also need an ipsec auto --route. Can you un-confuse me?
Thanks,
Nick
On 22/07/2009 22:33, Paul Wouters wrote:
> On Wed, 22 Jul 2009, Erich Titl wrote:
>
>
>> I am using *Swan for a number of years with pretty good success on many
>> systems. Until now I was quite satisfied with auto=add vs auto=start
>> settings. Is there comprehensive documentation of all the functions
>> 'auto' can do? I tried to find information on auto=route to start with.
>>
> From "man ipsec.conf":
>
> auto
> what operation, if any, should be done automatically at IPsec
> startup; currently-accepted values are add (signifying an ipsec
> auto --add), route (signifying that plus an ipsec auto --route),
> start (signifying that plus an ipsec auto --up), manual (signifying
> an ipsec manual --up), and ignore (also the default) (signifying no
> automatic startup operation). See the config setup discussion
> below. Relevant only locally, other end need not agree on it (but
> in general, for an intended-to-be-permanent connection, both ends
> should use auto=start to ensure that any reboot causes immediate
> renegotiation).
>
> and (focussed mostly on klips but by now should also work on netkey, apart
> from the "most specific route" part):
>
> When choosing a connection to apply to an outbound packet caught with a
> %trap, the system prefers the one with the most specific eroute that
> includes the packet's source and destination IP addresses. Source
> subnets are examined before destination subnets. For initiating, only
> routed connections are considered. For responding, unrouted but added
> connections are considered.
>
> Volunteers to help us fill up the new wiki are welcome to email me and I will
> set them up with access to the new wiki :)
>
> Paul
>
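The connection-selection rule quoted from the man page above, worked through as an added example (not code from the thread or from Openswan). It assumes "source subnets are examined before destination subnets" means the source prefix length is compared first and the destination prefix length breaks ties; the `Conn` fields, connection names and subnets are constructed for illustration, and per Paul's note the "most specific" part describes KLIPS.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    name: str
    src: str      # local (source) subnet in CIDR form
    dst: str      # remote (destination) subnet in CIDR form
    routed: bool  # True once routed; False if the connection was only added

def select_conn(conns, src_ip, dst_ip, initiating=True):
    """Return the name of the connection chosen for a packet, or None.

    Initiating: only routed connections are considered.
    Responding: unrouted but added connections are considered as well.
    """
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    candidates = []
    for c in conns:
        if initiating and not c.routed:
            continue  # added-only connections cannot catch outbound packets
        src_net = ipaddress.ip_network(c.src)
        dst_net = ipaddress.ip_network(c.dst)
        if s in src_net and d in dst_net:
            # Sort key: source specificity first, then destination (assumption).
            candidates.append((src_net.prefixlen, dst_net.prefixlen, c.name))
    if not candidates:
        return None  # no covering connection: the packet is not matched here
    return max(candidates)[2]

# Constructed sample connections, as they might look after startup.
CONNS = [
    Conn("site-wide",  "10.1.0.0/16", "10.2.0.0/16", routed=True),
    Conn("lan-to-dmz", "10.1.5.0/24", "10.2.0.0/16", routed=True),
    Conn("db-wide",    "10.1.0.0/16", "10.2.9.0/24", routed=True),
    Conn("host-only",  "10.1.5.7/32", "10.2.9.0/24", routed=False),
]

if __name__ == "__main__":
    for init in (True, False):
        role = "initiating" if init else "responding"
        print(role, select_conn(CONNS, "10.1.5.7", "10.2.9.20", init))
```

For the packet 10.1.5.7 to 10.2.9.20, the /24 source of `lan-to-dmz` beats the /24 destination of `db-wide` when initiating, while `host-only` is only eligible when responding because it was added but never routed.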