tech-net archive


Re: RFC: ipsec(4) pseudo interface


I'm sorry, I sent the mail by mistake while editing.

On 2017/12/20 22:40, Thor Lancelot Simon wrote:
> On Mon, Dec 18, 2017 at 06:49:44PM +0900, Kengo NAKAHARA wrote:
>> Hi,
>> We implement an ipsec(4) pseudo interface for route-based VPNs. This pseudo
>> interface manages its security policy (SP) by itself; in particular, when we do
>>     # ifconfig ipsec0 tunnel
>> the SPs " ->"(out) and " ->"(in) are
>> generated automatically and atomically. And then, when we do
>>     # ifconfig ipsec0 deletetunnel
>> the SPs are destroyed automatically and atomically, too.
> Do you have IKE daemon changes to use this?

No, I don't, because the ipsec(4) interface sends the same PF_KEY message
as adding a transport mode security policy manually. That is the behavior
to use an existing IKE daemon.


Internet Initiative Japan Inc.

Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit

