[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE proposal formation



> You can't. PF_KEY does not support bundles. Oh, there's been
> discussion about
> fixing that on the PF_KEY list but right now it does not
> exist. For one of the ideas on
> how to do it, see

Also, I wish to point out (again) that IPSEC (as per RFC-2401) works 100%
fine without any support for bundles from the the key management. The need
to add "bundles" into PFKEY is a pure IKE artifact, not required by the
IPSEC itself. (As I have tried to say several times on this mailing list,
key management should just negotiate keys, it does not need to concern
itself with the policy and bundles at all).



References: