[strongSwan] kernel SPD policy not installed until successful IKE negotiation completes
Alexander Lyakas
alex.bolshoy at gmail.com
Wed Mar 7 14:28:51 CET 2012
Thanks, Tobias!
I ended up specifying "auto=route" and then calling "ipsec whack
--initiate --name <name> --asynchronous" to immediately kick the
initial negotiation.
It would be good if "auto" could have an option to both install the
policy and initiate negotiation (both "route" and "start"). I guess
this is not possible right now, isn't it?
Thanks,
Alex.
On Wed, Mar 7, 2012 at 11:53 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Alex,
>
>> Is there a way to instruct strongswan to install the security policy
>> right upon starting?
>
> Try auto=route. This installs the policies right away and if traffic
> matches them the daemon will try to setup the appropriate IKE/IPsec SAs.
>
> The installpolicy option is intended for MIPv6 where the policies are
> not managed by the IKE daemon.
>
> Regards,
> Tobias
More information about the Users
mailing list