Hi, > I'm studying stongswan recently, and just want to know whether strongswan > supports PFP (populate from packet) feature defined in RFC 4301?
When an IPsec policy triggers the establishment of an SA, charon always tries to negotiate a CHILD_SA with the full traffic selector from the configuration (but it includes the packet TS in IKEv2 in front of the full TS to give the responder a hint what triggered the SA). So no, "populate from packet" is not really supported. Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
