Hosting Provided By

linux-ipsec: Re: Help on ISAKMP

From: Kai Martius <admin(at)imib.med.tu-dresden.de>
Date: Wed May 27 1998 - 08:12:06 EDT

Hello,

> I 've downloaded the example realizaton of ISAKMP:pluto package(0.7)

In "normal operation" you only need to run whack once (on the Initiator, which you can choose: FW1 or FW2).

> FW1#whack 7501 192.168.2.1 7500 192.168.3.0 255.255.255.0 192.168.1.0

Running whack a second time doesn't re-negotiate the last SPI but it establishes a new one (with a new SPI value), that's what you see in /proc/net/ipsec-spi. This wouldn't be a problem when the eroute would be changed to the new SPI, but as far as I know pluto doesn't do this automatically, especially not the 0.7alpha version. (Question: does or will FreeS/WANs pluto support this ?)

I can't tell you how to delete SPIs / ERoutes in the old version (except rebooting...), the new FreeS/WAN stuff has this (manual) option (spi del ... / eroute del ...).

Kai

# Kai Martius                                                           #
# Dpt. of Medical CS and Biometrics / Dresden University of Technology  #
# PGP Fingerprint: to be compared after download of my key              #
# Key and more info (especially IP-security related) see my Homepage    #
# 
http://www.imib.med.tu-dresden.de/imib/personal/kai.html              #

Received on Wed May 27 08:43:30 1998

This message: [ Message body ]
Next message: Richard Guy Briggs: "Re: linux-ipsec: Re: Help on ISAKMP"
Previous message: Richard Guy Briggs: "Re: linux-ipsec: FreeS/WAN 0.8 as a SG hard crashes Linux kernel, whee."
In reply to tan xinglie: "linux-ipsec: Relation beteen Pluto & IPSEC?"
Next in thread: Richard Guy Briggs: "Re: linux-ipsec: Re: Help on ISAKMP"
Reply: Richard Guy Briggs: "Re: linux-ipsec: Re: Help on ISAKMP"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:15 EDT

Do you need help?