Hi Terry, > What's the best way > to turn off linux IPsec while still running strongswan? Is there a > switch somewhere,or maybe > just not adding SAs to the kernel? We still need the policies because > routing decisions still depend on them.
There is an ipsec.conf option (installpolicy) to disable the installation of IPsec policies (used with MIPv6), but there is currently no option that prevents the installation of IPsec SAs. Of course, you could write your own kernel interface plugin (an implementation of the kernel_ipsec_t interface) which would handle the installation of SAs and policies just the way you require it. Have a look at the existing kernel plugins in libhydra. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
