Re: [strongSwan] SDP database per interface.
Hi, Increasing the audience to get the answer. Thanks, Raj On Sat, Dec 4, 2010 at 11:41 AM, Raj Singh rsjen...@gmail.com wrote: Hi All, I am not very advanced user of StrongSwan. Is StrongSwan provide support to define SPD per interface ? Means while installing the IPsec SA in linux kernel can we mention interface name ? Some examples will be very helpful. Thanks, Raj ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] routing issue with IKEv1 tunnels after upgrade to 4.5.0
Hi Benoit, If defaultTunnel is established first and t1 second, the strongSwan server receives the traffic from the tunnel t1 but doesn't send back packets through it. The traffic seems to always be routed to the tunnel defaultTunnel. If t1 is established first and defaultTunnel second, it works. Any ideas why this doesn't work anymore after upgrading? Is there a way to ensure this always work regardless of the connection establishment order? The observed behavior is due to a difference between pluto's 4.4.1 kernel interface and charon's kernel interface plugins which pluto uses in 4.5.0. The difference is the calculation of the priorities assigned to policies installed in the kernel. Whereas pluto did include the netmask of the destination net in this calculation, charon did not so far. Thus, the priorities of the policies installed in your case are equal and the kernel obviously chooses the one installed first. I commited a patch to master [1] which changes the kernel interfaces to include the destination net into the priority calculation. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=e6f42b07 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
