Hi, I'm sorry, I sent mail while editing by mistake.

On 2017/12/20 22:40, Thor Lancelot Simon wrote:
> On Mon, Dec 18, 2017 at 06:49:44PM +0900, Kengo NAKAHARA wrote:
>> Hi,
>>
>> We implement ipsec(4) pseudo interface for route-based VPNs. This pseudo
>> interface manages its security policy(SP) by itself, in particular, we do
>>     # ifconfig ipsec0 tunnel 10.0.0.1 10.0.0.2
>> the SPs "10.0.0.1 -> 10.0.0.2"(out) and "10.0.0.2 -> 10.0.0.1"(in) are
>> generated automatically and atomically. And then, when we do
>>     # ifconfig ipsec0 deletetunnel
>> the SPs are destroyed automatically and atomically, too.
>
> Do you have IKE daemon changes to use this?

No, I don't. Because the ipsec(4) interface sends the same PF_KEY message as
adding a transport mode security policy manually. That is the behavior to use
an existing IKE daemon.

Thanks,

-- 
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.

Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit

Kengo NAKAHARA <k-nakah...@iij.ad.jp>