[strongSwan] Query regarding route based security
bairathi.vivek at gmail.com
Tue Nov 2 08:06:49 CET 2010
On Tue, Nov 2, 2010 at 12:35 PM, vivek bairathi <bairathi.vivek at gmail.com> wrote:
> Hi Andreas,
> Thanks for your quick reply.
> I have some more queries regarding kernel_netlink interface:
> If I use auto=route in ipsec.conf file for a connection:
> Q1. Does the stack, after reading the ipsec.conf file for this connection,
> install SPD and route entries into the kernel? If yes, are the SPI and
> reqid written in the SPD the ones that are sent to the IKEv2 stack by the
> kernel in the XFRM ACQUIRE message?
> If I do not use auto=route in ipsec.conf file for a connection:
> Q2. If I send an XFRM ACQUIRE message to the IKEv2 stack using my application,
> will the IKEv2 stack be able to trigger an IKE/IPSEC SA? I think in this case
> there will be no kernel traps installed by the IKEv2 stack. So will it be able
> to trigger an SA for that connection?
> Thanks & Regards,
> On Mon, Nov 1, 2010 at 6:45 PM, Andreas Steffen <
> andreas.steffen at strongswan.org> wrote:
>> Hello Vivek,
>> this event is signalled by an XFRM ACQUIRE message via the netlink
>> kernel interface:
>> The netlink socket is registered to receive this kind of event:
>> Best regards
>> On 11/01/2010 01:34 PM, vivek bairathi wrote:
>> > Hi All,
>> > I want to know: if I set auto=route in ipsec.conf for a connection,
>> > the IKEv2 stack will install kernel traps for that connection and will
>> > initiate an SA only when it gets a packet between the leftsubnet and the
>> > rightsubnet.
>> > For this the IKEv2 stack needs a trigger from the kernel, so which interface
>> > will be used to tell the IKEv2 stack that a packet has hit its kernel traps
>> > and now you have to init an IKE_SA?
>> > Thanks & Regards
>> > Vivek
>> Andreas Steffen andreas.steffen at strongswan.org
>> strongSwan - the Linux VPN Solution! www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
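The mechanism described in the reply above, as an added example that is not part of the original thread and is not strongSwan's code: a listener joins the XFRM ACQUIRE netlink multicast group, then reads the policy index and the reqid out of an ACQUIRE message. The names `acquire_info`, `open_acquire_socket`, `parse_acquire` and `build_sample` are hypothetical, and the sample message is constructed rather than captured.

```c
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/xfrm.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define ACQ_FIXED NLMSG_SPACE(sizeof(struct xfrm_user_acquire))

struct acquire_info { unsigned reqid, policy_index; };
/* Join the ACQUIRE multicast group (bind normally needs CAP_NET_ADMIN); -1 on error. */
int open_acquire_socket(void) {
    struct sockaddr_nl a = { .nl_family = AF_NETLINK,
                             .nl_groups = 1u << (XFRMNLGRP_ACQUIRE - 1) };
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&a, sizeof(a)) < 0) { close(fd); fd = -1; }
    return fd;
}

/* Returns 1 and fills *out if buf holds one complete XFRM_MSG_ACQUIRE, else 0. */
int parse_acquire(const void *buf, size_t len, struct acquire_info *out) {
    const struct nlmsghdr *nlh = buf;
    if (len < sizeof(*nlh) || nlh->nlmsg_len > len || nlh->nlmsg_len < ACQ_FIXED ||
        nlh->nlmsg_type != XFRM_MSG_ACQUIRE)
        return 0;
    const struct xfrm_user_acquire *acq = NLMSG_DATA(nlh);
    const struct rtattr *rta = (const void *)((const char *)buf + ACQ_FIXED);
    int alen = (int)(nlh->nlmsg_len - ACQ_FIXED);
    *out = (struct acquire_info){ .policy_index = acq->policy.index };
    /* reqid is not in the fixed part; it travels in the XFRMA_TMPL attribute. */
    for (; RTA_OK(rta, alen); rta = RTA_NEXT(rta, alen))
        if (rta->rta_type == XFRMA_TMPL && RTA_PAYLOAD(rta) >= sizeof(struct xfrm_user_tmpl))
            out->reqid = ((const struct xfrm_user_tmpl *)RTA_DATA(rta))->reqid;
    return 1;
}

/* Constructed sample (not captured traffic): ACQUIRE for policy index 8, reqid 1. */
size_t build_sample(void *buf, size_t cap) {
    struct xfrm_user_tmpl tmpl = { .reqid = 1, .family = AF_INET };
    struct nlmsghdr *nlh = buf;
    struct rtattr *rta = (void *)((char *)buf + ACQ_FIXED);
    if (cap < ACQ_FIXED + RTA_SPACE(sizeof(tmpl))) return 0;
    memset(buf, 0, ACQ_FIXED + RTA_SPACE(sizeof(tmpl)));
    nlh->nlmsg_type = XFRM_MSG_ACQUIRE;
    nlh->nlmsg_len = ACQ_FIXED + RTA_SPACE(sizeof(tmpl));
    ((struct xfrm_user_acquire *)NLMSG_DATA(nlh))->policy.index = 8;
    rta->rta_type = XFRMA_TMPL;
    rta->rta_len = RTA_LENGTH(sizeof(tmpl));
    memcpy(RTA_DATA(rta), &tmpl, sizeof(tmpl));
    return nlh->nlmsg_len;
}
```

On a live system, each datagram returned by recv() on the descriptor from `open_acquire_socket()` can be passed to `parse_acquire()` from an 8-byte-aligned buffer.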