Hi
I have a query on Child SA creation.
I have a ipsec.conf configuration which has two very similar
configurations listed .The only difference between them is the protocol
(leftprotoport).
Here is my ipsec.conf entry with the two configurations
conn 211TO60Tunnel
left=10.201.114.211
leftcert=peerCert.der
right=10.201.114.178
rightid=C=CH, O=strongSwan, CN=178
keyexchange=ikev2
type=tunnel
auto=add
auth=ah
leftprotoport=udp
conn 211TO60TunnelICMP
left=10.201.114.211
leftcert=peerCert.der
right=10.201.114.178
rightid=C=CH, O=strongSwan, CN=178
keyexchange=ikev2
type=tunnel
auto=add
auth=ah
leftprotoport=icmp
When I do a ipsec start , I see that the 211TO60TunnelICMP
configuration is added as a child of 211TO60Tunnel . But I actually
wanted this as a separate SA which can be enabled disabled separately.
How can I achieve this in srongswan 4.3 ?
And just wanted to know what is the criteria for deciding that a config
should be a child of another one ?
Thanks in advance.
Regards
Shyam
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not the
intended recipient, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately and destroy all copies of this message and
any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted by this
email.
www.wipro.com
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users