On Tue, Nov 2, 2010 at 12:35 PM, vivek bairathi <bairathi.vi...@gmail.com>wrote:
> Hi Andreas, > > Thanks for your quick reply. > > I have some more queries regarding kernel_netlink interface: > > If I use auto=route in ipsec.conf file for a connection: > Q1. Does the stack after reading the ipsec.conf file for this connection > installs SPD and route entries into the kernel? If yes then is the SPI and > reqid written in SPD are the one that is sent to IKEv2 stack by kernel in > XFRM ACQUIRE message? > > If I do not use auto=route in ipsec.conf file for a connection: > Q2. I send an XFRM ACQUIRE message to IKEv2 stack using my application will > the IKEv2 stack be able to trigger an IKE/IPSEC SA. I think in this case > there will be no kernel traps installed by IKEv2 stack. So will it be able > to trigger an SA for that connection? > > Thanks & Regards, > Vivek > > On Mon, Nov 1, 2010 at 6:45 PM, Andreas Steffen < > andreas.stef...@strongswan.org> wrote: > >> Hello Vivek, >> >> this event is signalled by an XFRM ACQUIRE message via the netlink >> kernel interface: >> >> >> http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;h=8cc9a6283014a9b237f8a000016b2146b73742ac;hb=HEAD#l514 >> >> The netlink socket is registered to receive this kind of events: >> >> >> http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;h=8cc9a6283014a9b237f8a000016b2146b73742ac;hb=HEAD#l2199 >> >> Best regards >> >> Andreas >> >> On 11/01/2010 01:34 PM, vivek bairathi wrote: >> > Hi All, >> > >> > I want to know that if I set auto=route in ipsec.conf for a connection. >> > >> > The IKEv2 stack will install kernel traps for that connection and will >> > initiate an SA only when it gets a packet between the leftsubnet and the >> > rightsubnet. >> > >> > For this the IKEv2 stack needs trigger from kernel so which interface >> > will be used to tell IKEv2 Stack that a packet has hit its kernel traps >> > and now you have to init an IKE_SA? >> > >> > Thanks & Regards >> > Vivek >> >> ====================================================================== >> Andreas Steffen andreas.stef...@strongswan.org >> strongSwan - the Linux VPN Solution! www.strongswan.org >> Institute for Internet Technologies and Applications >> University of Applied Sciences Rapperswil >> CH-8640 Rapperswil (Switzerland) >> ===========================================================[ITA-HSR]== >> > >
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
