[strongSwan] kernel SPD policy not installed until successful IKE negotiation completes

[Tobias Brunner]

> It would be good if "auto" could have an option to both install the
> policy and initiate negotiation (both "route" and "start"). I guess
> this is not possible right now, isn't it?

No, there is no such option right now.  It's usually not needed as
auto=route automatically initiates the negotiation if any traffic
matches the installed policy.  In all other cases ipsec up <name> does
the trick (or using whack directly as you did).

Regards,
Tobias