[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE proposal formation

> You can't. PF_KEY does not support bundles. Oh, there's been
> discussion about
> fixing that on the PF_KEY list but right now it does not
> exist. For one of the ideas on
> how to do it, see

Also, I wish to point out (again) that IPSEC (as per RFC-2401) works 100%
fine without any support for bundles from the the key management. The need
to add "bundles" into PFKEY is a pure IKE artifact, not required by the
IPSEC itself. (As I have tried to say several times on this mailing list,
key management should just negotiate keys, it does not need to concern
itself with the policy and bundles at all).