[strongSwan-dev] manual manipulation the IPsec SA/SP database
krishnachaitanya.sanapala at gmail.com
Wed May 30 08:31:00 CEST 2012
Thanks very much for the quick response. I would love to have more
clarifications on the following.
1. About SAD:
Adding an SA using setkey:
add 10.0.0.11 10.0.0.216 esp 15701 -E 3des-cbc "123456789012123456789012";
add 10.0.0.11 10.0.0.216 ah 15700 -A hmac-md5 "1234567890123456";
I replicated the same in Strongswan in ipsec.conf file by adding it as
a conn. I could configure everything using strongswan apart from the
I understand that the starter daemon is a configuration file parser and it
would communicate the changes. Please help me with the SPI. Is it
that strongswan uses the SPI allocated by the kernel?
2. About SPD:
Adding an SPD by setkey:
spdadd 10.0.0.216 10.0.0.11 any -P out ipsec
I tried a lot of documentation on how to configure an SP, but was unsuccessful.
Can I build a userspace program registered with XFRM to add/delete/*
policies for charon? Would that work?
On Tue, May 29, 2012 at 8:38 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> with strongSwan you are not supposed to manipulate the SAD/SPD
> with an external command line tool as "setkey" or
> "ip xfrm state/policy add" because the IKEv1/IKEv2 daemons will
> not become aware of any external SAD/SPD changes. All changes
> must be communicated through the strongSwan daemon interfaces.
> On 29.05.2012 16:23, krishna chaitanya wrote:
> > Hi Team,
> > I am new to strongswan. We are working on an implementation of IPsec.
> > I earlier worked with racoon where I used setkey for SAD/SPD
> > In strongswan I had configured the SAs using the ipsec.conf file, but is
> > there a tool where we could manipulate SAD/SPD using shell?
> > Thanks,
> > KC.Sanapala
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)