[Openswan Users] Incoming connections only

John Crisp jcrisp at safeandsoundit.co.uk
Fri Jul 4 08:49:31 EDT 2014


Hi,

I have a working IPSEC setup with Openswan.

I have a query regarding connections.

Currently the system is set with each tunnel as:

auto=start

This both makes and receives connections.

I wanted to set Openswan so it only receives connections and does not
try to make them, but having read the documentation I can't quite figure
it out.

http://www.linuxmanpages.com/man8/ipsec_auto.8.php


This shows an option for '--ready', but I can't see that you can add the
same to the ipsec.conf file?

The --ready operation tells pluto to listen for connection-setup
requests from other hosts. Doing an --up operation before doing --ready
on both ends is futile and will not work, although this is now automated
as part of IPsec startup and should not normally be an issue.


http://www.linuxmanpages.com/man5/ipsec.conf.5.php

auto
    what operation, if any, should be done automatically at IPsec
startup; currently-accepted values are add (signifying an ipsec auto
--add), route (signifying that plus an ipsec auto --route), start
(signifying that plus an ipsec auto --up), manual (signifying an ipsec
manual --up), and ignore (also the default) (signifying no automatic
startup operation). See the config setup discussion below. Relevant only
locally, other end need not agree on it (but in general, for an
intended-to-be-permanent connection, both ends should use auto=start to
ensure that any reboot causes immediate renegotiation).

Can anyone suggest how to do this?

B. Rgds
John
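
Added example (not part of the original post, and not Openswan code): a small Python check that reads an ipsec.conf and reports, per conn, what its auto= value does at startup, following the ipsec.conf(5) excerpt quoted above. The sample configuration, addresses and function names are constructed for illustration; only conn %default inheritance is handled, and also= includes are not followed.

```python
# Added example: classify each conn by what its auto= setting does at startup.
# The mapping follows the ipsec.conf(5) excerpt quoted in the post.
AUTO_BEHAVIOUR = {
    "add": "respond-only",     # ipsec auto --add: loaded, pluto answers peers
    "route": "on-demand",      # add + --route: negotiates when traffic matches
    "start": "initiate",       # add + route + --up: negotiates at startup
    "manual": "manual-keying", # ipsec manual --up
    "ignore": "not-loaded",    # the default when auto= is absent
}

# Constructed sample configuration (documentation address ranges).
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn %default
    authby=secret

conn branch-a
    left=192.0.2.1
    right=198.51.100.7
    auto=start

conn branch-b
    left=192.0.2.1
    right=%any
    auto=add   # accept incoming negotiation only

conn unused
    left=192.0.2.1
    right=203.0.113.9
"""

def parse_conns(text):
    """Return {conn_name: {param: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def classify(text):
    """Map each conn to its startup behaviour, honouring conn %default."""
    conns = parse_conns(text)
    default_auto = conns.pop("%default", {}).get("auto", "ignore")
    return {name: AUTO_BEHAVIOUR.get(params.get("auto", default_auto), "unknown")
            for name, params in conns.items()}

def initiators(text):
    """Names of conns that can start a negotiation from this end."""
    return sorted(n for n, b in classify(text).items()
                  if b in ("initiate", "on-demand"))
```

Running `initiators()` over a gateway's ipsec.conf lists the tunnels that would still negotiate outbound; a conn meant to be receive-only should not appear in that list.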