[Openswan Users] About SPD, SADB database.
paul at xelerance.com
Fri Jan 21 12:12:30 EST 2011
On Fri, 14 Jan 2011, Le Ngoc Son wrote:
> I have a question about entries of SPD, SA database.
> In my understanding, when Openswan starts, it will read the ipsec.conf to find the IPSEC interesting traffic then record them in
> SPD database. Beside, it also records two VPN endpoints in SA database (SADB) after finishing the VPN establishment.
> So, if one of two above endpoints is shutdown, the SA entries of this VPN connection in SADB still exist, or will be deleted ?
It depends. See the auto= keyword in the ipsec.conf man page.
More information about the Users