[strongSwan] Running dual instances of strongswan
tobias at strongswan.org
Wed Sep 12 10:47:49 CEST 2012
> What's the best way
> to turn off linux IPsec while still running strongswan? Is there a
> switch somewhere,or maybe
> just not adding SAs to the kernel? We still need the policies because
> routing decisions still depend on them.
There is an ipsec.conf option (installpolicy) to disable the
installation of IPsec policies (used with MIPv6), but there is currently
no option that prevents the installation of IPsec SAs.
Of course, you could write your own kernel interface plugin (an
implementation of the kernel_ipsec_t interface) which would handle the
installation of SAs and policies just the way you require it. Have a
look at the existing kernel plugins in libhydra.
More information about the Users