
[Users] renegotiation of security parameters

From: Britt Houser (britthouser_at_mail.com)
Date: Thu Mar 28 2002 - 14:36:27 CET


Is it possible for two freeswan hosts to dynamically renegotiate the
security parameters for a given connection? For example, both sides
have negotiated to use compression, but then one side decides not to
and renegotiates with the other side?

I have tried to fudge this by adding two connections to pluto
for the same destination, one with and one without compression. When I
want to switch, I can issue an 'ipsec whack --terminate --name <first
cxn>' followed by an 'ipsec whack --unroute --name <first cxn>', then
'ipsec whack --initiate --name <2nd cxn>' to initiate the second
connection. This seems to work for predetermined connections. However,
I am also trying to do this with opportunistic encryption as well, so one
connection may have 5-10 different instances. And if I terminate the
opportunistic cxn, and start a new one, then it doesn't automatically
renegotiate with the other sides. And the other sides think the old
connection is still up.

So I am thinking it would be really nice to change the parameter on the
current connection, and then issue something like 'ipsec whack
--renegotiate' or 'ipsec whack --rekey' or something like that? Any
ideas?

thx,
britt
