[Users] Starting FreeS/WAN with different configurations

From: Jason A. Pattie (pattieja_at_pcxperience.com)
Date: Tue Jan 07 2003 - 00:20:23 CET

• Next message: Ken Bantoft: "Re: [Users] error messages"
• Previous message: cj: "[Users] error messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anybody know if FreeS/WAN can be started with different configurations
at different times using different configuration files and specifying
one of those files instead of having to constantly modify the
/etc/ipsec.conf configuration file?

We looked at the 'ipsec auto --config ...' and ipsec manual --config
...' options. These don't seem to do anything. How are they supposed
to be used? It seems to us that all the config options need to be
specified when ipsec starts, so these options seem to be irrelevant.

The problem we are having is we have wireless cards and wired network
interfaces but we are rarely using both and usually only using one at a
time. For ipsec to start running, ipsec requires us to have both
interfaces up and defined in the ipsec.conf file, but both interfaces
are not always up. We may not have one of the wireless cards with us.
We have discovered that we can modify /etc/ipsec.conf to reflect only
the interface we really need (i.e., interfaces='ipsec1=eth1' or
interfaces='ipsec0=eth0' or both, etc.). Therefore, we wanted to know
if it is possible to specify the config file to use when starting FreeS/WAN?

We thought about using %defaultroute, but first, it will not detect and
allow ipsec tunnels on both interfaces when we want to do that, only the
current default route interface.

Another scenario is that we want the wired connection up (which is the
default route) and the wireless up with a VPN tunnel. But that doesn't
work in the %defaultroute scenario.

Thanks.

- --
Jason A. Pattie
pattieja_at_pcxperience.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+Gg83uYsUrHkpYtARAgGJAJkBrNHgYX1MqUuJE/7tlUXhlCqoPgCdEepc
BsCqbMI0GfmSXNZWmmPcP+Y=
=bOEv
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Ken Bantoft: "Re: [Users] error messages"
• Previous message: cj: "[Users] error messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Tue Jan 07 2003 - 05:21:07 CET