Greetings all,
I am using strongswan 4.5.0 and IKEv1. In ipsec.conf I have auto=start.
I notice that if the remote node does not have an IKE daemon running
(yet), strongswan does not install the security policy appropriate for
the connection. As a result, the remote node can connect insecurely,
if
Hi Alex,
Is there a way to instruct strongswan to install the security policy
right upon starting?
Try auto=route. This installs the policies right away and if traffic
matches them the daemon will try to set up the appropriate IKE/IPsec SAs.
The installpolicy option is intended for MIPv6
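An added example, not part of the original thread: a fail-closed check that the outbound IPsec policy for a connection is actually installed before traffic is allowed to flow, which is the gap described above for auto=start with an unreachable peer. It assumes a Linux host where `ip xfrm policy` lists kernel policies; `policy_installed` is a hypothetical helper and all addresses and dumps are constructed.

```shell
#!/bin/sh
# Added example. Assumes Linux, where `ip xfrm policy` prints installed policies.
# policy_installed is a hypothetical helper; the dumps below are constructed.

# policy_installed SRC DST
# Reads an `ip xfrm policy` dump on stdin. Succeeds only if a "dir out"
# policy with selector SRC -> DST carries a tmpl line, i.e. matching
# outbound traffic must be transformed by IPsec.
policy_installed() {
    awk -v s="$1" -v d="$2" '
        # Selector line starts a new policy entry.
        $1 == "src" && $3 == "dst" { sel = ($2 == s && $4 == d); out = 0; next }
        sel && $1 == "dir"         { out = ($2 == "out"); next }
        sel && out && $1 == "tmpl" { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed dump: policies present, as expected with auto=route.
ROUTED_DUMP='src 10.1.0.0/24 dst 10.2.0.0/24
    dir out priority 1859
    tmpl src 192.0.2.1 dst 192.0.2.2
        proto esp reqid 16385 mode tunnel
src 10.2.0.0/24 dst 10.1.0.0/24
    dir in priority 1859
    tmpl src 192.0.2.2 dst 192.0.2.1
        proto esp reqid 16385 mode tunnel'

# Constructed dump: nothing installed, the case reported in the thread
# for auto=start while the peer is not answering.
NO_POLICY_DUMP=''

report() {  # report LABEL DUMP
    if printf '%s\n' "$2" | policy_installed 10.1.0.0/24 10.2.0.0/24; then
        echo "$1: outbound IPsec policy present"
    else
        echo "$1: no outbound IPsec policy, traffic would leave unprotected"
    fi
}

report "routed" "$ROUTED_DUMP"
report "empty"  "$NO_POLICY_DUMP"
# Live use (as root): ip xfrm policy | policy_installed 10.1.0.0/24 10.2.0.0/24
```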
Thanks, Tobias!
I ended up specifying auto=route and then calling ipsec whack
--initiate --name name --asynchronous to immediately kick the
initial negotiation.
It would be good if auto could have an option to both install the
policy and initiate negotiation (both route and start). I guess
this
It would be good if auto could have an option to both install the
policy and initiate negotiation (both route and start). I guess
this is not possible right now, isn't it?
No, there is no such option right now. It's usually not needed as
auto=route automatically initiates the negotiation if