[Openswan Users] Initiate IKE on an outbound packet

Paul Wouters paul at xelerance.com
Wed Oct 7 16:04:24 EDT 2009


On Wed, 7 Oct 2009, Philip Bellino wrote:

> Using auto=route with KLIPS on my 2.6.27.21-78.2.41.fc9 hangs the entire system. I thought I saw an outstanding Openswan bug (795) on this.

Hangs as in kernel crash? Or network hang? You'd need oe=off.

> We then tried it with the protostack as netlink and it didn't initiate IKE negotiations on traffic.

I need to look into this. We have not done much testing for this with netkey.

> Does using "oe=on" in the ipsec.conf file buy us anything?
> We see that whack has an option "%opportunistic".  Does using this initiate IKE negotiations on traffic?

No, it will do IPSEC key DNS record lookups to find public keys for all IPs you try
to connect to, which is not what you want.

Paul

