Hi Tobias,

Thank you for taking the time to reply to my request. How can I get the same behavior per connection via vici? I believe dropping the connection when the global initiator_only is marked as yes is done in the charon code and not via iptables. Please guide me on the per-connection option if it's configurable.

Thanks,
Naveen

On Tue, Apr 7, 2020 at 1:05 AM Tobias Brunner <tob...@strongswan.org> wrote:

> Hi Naveen,
>
> > I see that we have a global "*initiator_only = yes/no*" configuration
> > in charon.conf, is it possible to configure this for per connection via
> > vici, so that the initiator is only responsible for initiating the
> > connection.
>
> That option is global because it causes any initial IKE message to get
> dropped very early. But if you don't configure a single remote IP
> address, a connection can't be used for initiation.
>
> Regards,
> Tobias