[strongSwan-dev] Doubt on IPSec client TSr negotiation

siddesh r Fri, 06 Sep 2013 18:22:04 -0700

Hi,

If client receives more number of traffic selectors in TSi/TSr than
requested, can it honour the response and creates child-sa(assuming
responder doesnot supports multiple child-sa).
For eg:
client's configuration
responder's configuration
TSi:198.10.0.1
TSr:10.0.0.0 - 10.0.0.255
TSr:10.0.0.0-10.255.255.255
TSr:10.0.22.0-10.0.22.255


client sends on startup:
TSi:198.10.0.1
TSr:10.0.0.0-10.255.255.255 ------------------------>        responder
responds back

     TSi:198.10.0.1

           198.10.0.1
                                          <-----------------------
    TSr:10.0.0.0 - 10.0.0.255

     TSr:10.0.22.0-10.0.22.255
on responder traffic selector narrowing will be done
can client honours and creates child-sa?

Is it acceptable scenario/

Thanks in advance,
sid

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev

[strongSwan-dev] Doubt on IPSec client TSr negotiation

Reply via email to