Martin,
Thanks for that. Using the config param:
esp=aes-sha1-modp1024,aes-sha1!
and a strongSwan rebuilt with your patch, everything now works. Both SeGWs
are happy. Phew!
Cheers,
Graham.
___
Users mailing list
Users@lists.strongswan.org
https://lis
Hi Martin
> To initiate each CHILD_SA in a seperate IKE_SA, you may specify the
> strongswan.conf option charon.reuse_ikesa = no.
Thanks for the update
One more observation related to this .
If I set reuse_ikesa=no then for bringing up the connection I can use "ipsec
up" without the "{ }" suff
Hi Graham,
> esp=aes-sha1-modp1024,aes-sha1!
>
> but this seems to confuse the SECOND segw (after successful initial
> tunnel setup, the second segw goes into an infinite immediate rekeying
> loop).
I did a test with this proposal, but it seems that we did not support
such mixed
Hi,
> But I actually wanted this as a separate SA which can be enabled
> disabled separately.
You can initiate/terminate specific CHILD_SAs using curly brackets, e.g.
ipsec down connxy{}.
> And just wanted to know what is the criteria for deciding that a
> config should be a child of another on
