Hello

Running -current I have currently got a minor issue with iked.

Trying to connect a security gateway running OpenIKED to a Fortinet IPSEC fw. The connection is set up and seems to work (mostly), but the following behaviour is a bit of an issue.

IKED sends one CHILD_SA request containing all Traffic Selectors. This conforms to RFC 5996. Sadly some of the proprietary VPN boxes have a *suboptimal* implementation and want *one* CHILD_SA per traffic selector.

Reading ikevd/ikev2.c I found comments about iked not being able to initiate multiple concurrent CREATE_CHILD_SA exchanges.

Coming round to my question - is it somehow possible to configure iked in such a way that it sends one CHILD_SA per Traffic Selector, or do I read the code correctly and it is simply NOT possible?

Cheers

Kim
