Is it possible for two freeswan hosts to dynamically renegotiate the
security parameters for a given connection? For example, both sides
have negotiated to use compression, but then one side decides not to
and renegotiates with the other side?

I have tried to fudge this by adding two connections to pluto
for the same destination, one with and one without compression. When I
want to switch, I can issue an 'ipsec whack --terminate --name <first
cxn>' followed by an 'ipsec whack --unroute --name <first cxn>', then
'ipsec whack --initiate --name <2nd cxn>' to initiate the second
connection. This seems to work for predetermined connections. However,
I am also trying to do this with opportunistic encryption as well, so one
connection may have 5-10 different instances. And if I terminate the
opportunistic cxn, and start a new one, then it doesn't automatically
renegotiate with the other sides. And the other sides think the old
connection is still up.

So I am thinking it would be really nice to change the parameter on the
current connection, and then issue something like 'ipsec whack
--renegotiate' or 'ipsec whack --rekey' or something like that? Any
ideas?

thx,
britt
-- I therefore, a prisoner for the Lord, beg you to lead a life worthy of the calling to which you have been called, with all lowliness and meekness, with patience, forbearing one another in love, eager to maintain the unity of the Spirit in the bond of peace. Eph 4:1-3
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:47 CEST