On Tue, 26 Mar 2002, noam rinetzky wrote:
> I'd be grateful for answers regarding the following questions about manual
> keying (I need it since I use IPSec with only authentication):
Out of curiosity, why only authentication? Is there a specific reason
*not* to encrypt?
> 1. Why is a pre-shared key required in the secrets file for a manual
> connection? The two endpoints build the SA locally. Is there an
> authentication protocol that runs between the machines?
No, none. And manual keying itself has no requirement for anything in the
secrets file -- it doesn't look at that file.
> 2. What happens when enough time has passed, or a lot of data has been
> transmitted over the connection? Is it closed? Is a new SA built?
No. *Nothing* happens automatically. If you want to rebuild the connection
with new keys (there's not much point to rebuilding otherwise), you have to
put the keys in the ipsec.conf files and bring the connection down and then
up again on both ends.
> 3. Is there a software interface that allows adding and removing connections
> to the SA database, or only the command line tools?
Command line -- specifically, ipsec_manual -- is what you've got.
Henry Spencer
henry_at_spsystems.net
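The rekey procedure in answer 2 (new key into ipsec.conf on both ends, then connection down and up again with ipsec_manual) as an added example script, not code from the thread or from FreeS/WAN. It assumes the conn being rotated is an AH-only manual connection whose block carries an `ahkey=` line, that `ipsec manual --down`/`--up` and `ipsec ranbits` exist as in the FreeS/WAN ipsec_manual(8) and ipsec_ranbits(8) man pages, and that the operator copies the same new key to the peer before bouncing both sides; the key-rotation helpers are self-contained and the `ipsec` calls only run when the script is invoked with arguments.

```shell
#!/bin/sh
# Rotate the manual-keying AH key of one FreeS/WAN conn and bounce it.
# Nothing rekeys a manual SA on its own, so this has to be run on BOTH ends
# with the SAME key; a mismatch simply drops every packet as a bad ICV.

# Fresh random key of N bits as 0x-prefixed hex, read from /dev/urandom.
# 'ipsec ranbits N' produces the same kind of value on a FreeS/WAN host.
new_hex_key() {
    bytes=$(( $1 / 8 ))
    printf '0x%s' "$(od -A n -v -N "$bytes" -t x1 /dev/urandom | tr -d ' \n')"
}

# Replace the ahkey= value inside the block "conn <name>" of a config file.
# The awk scope ends at the next "conn " line, so other conns are untouched.
# Fails (and leaves the file alone) unless exactly one ahkey= line changed.
rotate_ahkey() {
    conf=$1; conn=$2; key=$3
    awk -v conn="$conn" -v key="$key" '
        /^conn /                  { inblk = ($2 == conn) }
        inblk && /^[ \t]*ahkey=/  { sub(/=.*/, "=" key); changed++ }
        { print }
        END { if (changed != 1) exit 1 }
    ' "$conf" > "$conf.new" && mv "$conf.new" "$conf"
}

# Current ahkey value of a conn; compare this on both ends before --up.
current_ahkey() {
    awk -v conn="$2" '
        /^conn /                  { inblk = ($2 == conn) }
        inblk && /^[ \t]*ahkey=/  { sub(/.*=/, ""); print; exit }
    ' "$1"
}

# Tear the manual SA down and rebuild it with whatever ipsec.conf now says.
bounce_conn() {
    ipsec manual --down "$1" && ipsec manual --up "$1"
}

# Usage: sh rekey-ah.sh /etc/ipsec.conf <conn> <keybits>
# (run on the first end; install the printed key on the peer, then bounce there)
if [ "$#" -eq 3 ]; then
    key=$(new_hex_key "$3")
    rotate_ahkey "$1" "$2" "$key" || { echo "no single ahkey= in conn $2" >&2; exit 1; }
    echo "new ahkey for $2: $key"
    bounce_conn "$2"
fi
```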
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users