[Openswan Users] how to set SPA
Paul Wouters
paul at xelerance.com
Fri Jul 24 10:19:49 EDT 2009
On Fri, 24 Jul 2009, Li Yewang wrote:
> how to set SPD use openswan?
If you want to set anything manual (not recommended) then your best bet,
is to use the "ip xfrm" command, or use the setkey command. Note that
this means you're not really using Openswan, you're directly "managing"
the kernel SAD/SPD entries. This assumes using the NETKEY IPsec stack.
If using KLIPS, all manipulation should go through through "ipsec spi",
"ipsec spigrp" and "ipsec manual". We strongly discourage (and no longer
support) manual keying.
Paul
More information about the Users
mailing list