[strongSwan-dev] manual manipulation the IPsec SA/SP database

Andreas Steffen andreas.steffen at strongswan.org
Tue May 29 17:08:54 CEST 2012


with strongSwan you are not supposed to manipulate the SAD/SPD
with an external command line tool as "setkey" or
"ip xfrm state/policy add" because the IKEv1/IKEv2 daemons will
not become aware of any external SAD/SPD changes. All changes
must be communicated through the strongSwan daemon interfaces.



On 29.05.2012 16:23, krishna chaitanya wrote:
> HI Team,
> I am new to strongswan. We are working on an implementation of IPsec. 
> I earlier worked with racoon where I used setkey for SAD/SPD manipulation.
> In strongswan I had configured the SA's using IPsec.conf file, but is
> there a tool where we could manipulate SAD/SPD using shell. 
> Thanks,
> KC.Sanapala

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20120529/99f5e0bf/attachment.bin>

More information about the Dev mailing list