[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmpd: named pipe or pf_key?

To: Du Jinsong <jinsong@internetappliance.com>
Subject: Re: isakmpd: named pipe or pf_key?
From: Håkan Olsson <ho@crt.se>
Date: Tue, 7 Dec 1999 09:02:42 +0100 (MET)
Cc: tech@openbsd.org


The named pipe is for communicating with the isakmp-daemon, not directly
with "ipsec". You can, for example, do

# echo "c MyConnection" >> /var/run/isakmpd.fifo

to have isakmpd manually initiate the connection "MyConnection" (which has
to be specified in the configuration file, though).

This is not yet (oops) described in the manual page, but briefly,
available commands include;

  c - initiate connection
  t - teardown connection
  D - change debugging level
  r - generate report (same as sending a SIGUSR1 signal)
  d - delete SA
  C - modify configuration

c, t, D and r are fairly straightforward to use. d and C are not.

It may be that this API may change in the future.

//Håkan

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4200        & Technology AB

References:
- Re: isakmpd: named pipe or pf_key?
  - From: Du Jinsong <jinsong@internetappliance.com>

Prev by Date: Re: isakmpd: named pipe or pf_key?
Next by Date: PGPnet/isakmpd/ipsec telecommuting vpn??
Prev by thread: Re: isakmpd: named pipe or pf_key?
Next by thread: problems with the es1370
Index(es):
- Date
- Thread