[strongSwan] How to differentiate between strongswan kernel config and manual
Hi All, I am wondering whether there is any way to differentiate between strongswan SP and SA vs manually configured one. In one of my previous mail, I was clarified that strongswan doesn't support non-IKE sessions that is fixed SA configurations. Is there a way to differentiate between non-strongswan SP and SA with strongswan SP and SA in linux. >From what i read in the latest version strongswan wont be using SPI less than 0xC000. if that is the case, if for manual we restrict SPI less than that we can easily differentiate SAs. But how about SPs? Linux as something called as index in SP? Would it be wise to set that index to one for all manual SPs. Thanks in advance. Regards, Manimuthu.
[strongSwan] Manual SA using strongswan
HI All, My sincere apology for my ignorance. I just started to work on strongswan and ipsec in linux. My need is very simple for now, I tried googling it for more than a week. Most probably I didn't use the right term. Can we establish manual SA using strongswan? if so can someone help me with an example? Once again sorry for my ignorance. Regards, Manimuthu.
Re: [strongSwan] Manual SA using strongswan
Hi Noel, Thank you for the clarification. Regards, Manimuthu. On Fri, Jan 19, 2018 at 7:37 PM Noel Kuntze wrote: > Hi, > > strongSwan is an IKE daemon. Its purpose is to negotiate dynamic SAs. As > soon as you have an IKE daemon, you do not need any static SAs anymore. > It therefore does not support static SAs. If you want that, you need to > use your system's tools (e.g. iproute2 (ip xfrm ...)). > > Kind regards > > Noel > > On 19.01.2018 12:35, manimuthu m a wrote: > > > > > > On Fri, Jan 19, 2018 at 4:38 PM manimuthu m a <mailto:manilon.mu...@gmail.com>> wrote: > > > > HI All, > > > > My sincere apology for my ignorance. > > > > I just started to work on strongswan and ipsec in linux. My need is > very simple for now, I tried googling it for more than a week. Most > probably I didn't use the right term. > > > > Can we establish manual SA using strongswan? if so can someone help > me with an example? > > > > Once again sorry for my ignorance. > > > > Regards, > > Manimuthu. > > > >
Re: [strongSwan] Manual SA using strongswan
On Fri, Jan 19, 2018 at 4:38 PM manimuthu m a wrote: > HI All, > > My sincere apology for my ignorance. > > I just started to work on strongswan and ipsec in linux. My need is very > simple for now, I tried googling it for more than a week. Most probably I > didn't use the right term. > > Can we establish manual SA using strongswan? if so can someone help me > with an example? > > Once again sorry for my ignorance. > > Regards, > Manimuthu. >