[strongSwan] Query regarding route based security

Andreas Steffen andreas.steffen at strongswan.org
Mon Nov 1 14:15:13 CET 2010

Hello Vivek,

this event is signalled by an XFRM ACQUIRE message via the netlink
kernel interface:


The netlink socket is registered to receive this kind of events:


Best regards


On 11/01/2010 01:34 PM, vivek bairathi wrote:
> Hi All,
> I want to know that if I set auto=route in ipsec.conf for a connection.
> The IKEv2 stack will install kernel traps for that connection and will
> initiate an SA only when it gets a packet between the leftsubnet and the
> rightsubnet.
> For this the IKEv2 stack needs trigger from kernel so which interface
> will be used to tell IKEv2 Stack that a packet has hit its kernel traps
> and now you have to init an IKE_SA?
> Thanks & Regards
> Vivek

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list