[Openswan Users] Initiate IKE on an outbound packet
Philip Bellino
pbellino at mrv.com
Fri Oct 16 10:08:48 EDT 2009
Paul,
I was wondering if you had a chance to try using auto=route with Netlink
to see if IKE could be initiated based on traffic?
Thanks,
Phil
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Wednesday, October 07, 2009 4:04 PM
To: Philip Bellino
Cc: users at openswan.org
Subject: RE: [Openswan Users] Initiate IKE on an outbound packet
On Wed, 7 Oct 2009, Philip Bellino wrote:
> Using auto=route with KLIPS on my 2.6.27.21-78.2.41.fc9 hangs the
> entire system. I thought I saw an outstanding Openswan bug (795) on
> this.
hangs as in kernel crash? or network hang? You'd need oe=off.
> We then tried it with the protostack as netlink and it didn't initiate
> IKE negotiations on traffic.
I need to look into this. We have not done much testing for this with
netkey.
> Does using "oe=on" in the ipsec.conf file buy us anything?
> We see that whack has an option "%opportunistic". Does using this
> initiate IKE negotiations on traffic?
No, it will do IPSEC key DNS records lookups to find public keys for all
IPs you try to connect to, which is not what you want.
Paul