Hi Simon,
From the syslog, it would seem once a possible candidate is picked (by
their order in ipsec.conf), the proposal
selection would not look at the other conns that are also
192.168.3.193...%any. Is this true?
Yes, the current selection algorithm is very simple and based solely on
the
Hi Tobias,
Many thanks for the detailed explanation. Your proposed solution is a good fit
for our system.
Simon
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Hi Tobias,
Thank you so much for your quick response. It is good to know that there is a
reason for charon to
know about IKEv1 connections. But the problem I am facing is not over yet.
Apparently root cause of my mistaken identity problem is right=%any. Ordering
ikev2 tunnels ahead of
ikev1