Re: [Ipsec-tools-devel] How to to drop tunnels without killing everybody ?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello Yvan

VANHULLEBUS Yvan a =E9crit :
> What do you mean exactly by "drop" ?
> Just removing SAs, or completly disable the tunnel ?
>
> In the first case, you can just try to delete the SAs directly by
> using setkey, but that won't send DELETE-SAs to the peer.
>
>  =20
Well. I can set the SA down with the "delete" command of setkey. I just=20
need to get the SPI. That's true ?

> In the second case, you can use the config reload function, but you'll
> need to use HEAD version to have it, or wait for the 0.7 branch.
>  =20
Arrh ... what is HEAD version ? how to get it ?

> Are you talking about the conf reload mode, or about the "purge SAs"
> in the monitor ?
>
>  =20
I can have to purge a SA from a freezed peer, in this case I need to=20
purge the SA. But if I have to test a config, I can need to reload=20
config of racoon without dropping any other tunnel.
> I reported the first one to HEAD (so it will be included in 0.7.x),
> but the second uses a custom PFKey message, which is not (yet ?)
> public (as I didn't expect other people would need it), which is
> mainly a kernel patch.
>
>  =20
Where can I get such a kernel patch ?
Do you know when the 0.7 mainline stream will be out ?
Thanks for your answers

Wilfried
> Yvan.
>
>  =20