tech-net archive


Re: RFC: ipsec(4) pseudo interface



Hi,

I'm sorry, I sent the mail while editing by mistake.

On 2017/12/20 22:40, Thor Lancelot Simon wrote:
> On Mon, Dec 18, 2017 at 06:49:44PM +0900, Kengo NAKAHARA wrote:
>> Hi,
>>
>> We implement ipsec(4) pseudo interface for route-based VPNs. This pseudo
>> interface manages its security policy(SP) by itself, in particular, we do
>>     # ifconfig ipsec0 tunnel 10.0.0.1 10.0.0.2
>> the SPs "10.0.0.1 -> 10.0.0.2"(out) and "10.0.0.2 -> 10.0.0.1"(in) are
>> generated automatically and atomically. And then, when we do
>>     # ifconfig ipsec0 deletetunnel
>> the SPs are destroyed automatically and atomically, too.
> 
> Do you have IKE daemon changes to use this?

No, I don't, because the ipsec(4) interface sends the same PF_KEY message
as adding a transport mode security policy manually. That is the behavior
to use an existing IKE daemon.


Thanks,

-- 
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.

Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit

Kengo NAKAHARA <k-nakahara%iij.ad.jp@localhost>

