[strongSwan-dev] manual manipulation the IPsec SA/SP database
Andreas Steffen
andreas.steffen at strongswan.org
Tue May 29 17:08:54 CEST 2012
Hello,
with strongSwan you are not supposed to manipulate the SAD/SPD
with an external command line tool as "setkey" or
"ip xfrm state/policy add" because the IKEv1/IKEv2 daemons will
not become aware of any external SAD/SPD changes. All changes
must be communicated through the strongSwan daemon interfaces.
Regards
Andreas
On 29.05.2012 16:23, krishna chaitanya wrote:
> HI Team,
>
> I am new to strongswan. We are working on an implementation of IPsec.
>
> I earlier worked with racoon where I used setkey for SAD/SPD manipulation.
>
> In strongswan I had configured the SA's using IPsec.conf file, but is
> there a tool where we could manipulate SAD/SPD using shell.
>
>
> Thanks,
> KC.Sanapala
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20120529/99f5e0bf/attachment.bin>
More information about the Dev
mailing list