[strongSwan] Query regarding route based security
Andreas Steffen
andreas.steffen at strongswan.org
Mon Nov 1 14:15:13 CET 2010
Hello Vivek,
this event is signalled by an XFRM ACQUIRE message via the netlink
kernel interface:
http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;h=8cc9a6283014a9b237f8a000016b2146b73742ac;hb=HEAD#l514
The netlink socket is registered to receive this kind of events:
http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;h=8cc9a6283014a9b237f8a000016b2146b73742ac;hb=HEAD#l2199
Best regards
Andreas
On 11/01/2010 01:34 PM, vivek bairathi wrote:
> Hi All,
>
> I want to know that if I set auto=route in ipsec.conf for a connection.
>
> The IKEv2 stack will install kernel traps for that connection and will
> initiate an SA only when it gets a packet between the leftsubnet and the
> rightsubnet.
>
> For this the IKEv2 stack needs trigger from kernel so which interface
> will be used to tell IKEv2 Stack that a packet has hit its kernel traps
> and now you have to init an IKE_SA?
>
> Thanks & Regards
> Vivek
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list