Hi
I have a query on Child SA creation.
I have a ipsec.conf configuration which has two very similar
configurations listed .The only difference between them is the protocol
(leftprotoport).
Here is my ipsec.conf entry with the two configurations
conn 211TO60Tunnel
Hi,
But I actually wanted this as a separate SA which can be enabled
disabled separately.
You can initiate/terminate specific CHILD_SAs using curly brackets, e.g.
ipsec down connxy{}.
And just wanted to know what is the criteria for deciding that a
config should be a child of another one ?
Hi Graham,
esp=aes-sha1-modp1024,aes-sha1!
but this seems to confuse the SECOND segw (after successful initial
tunnel setup, the second segw goes into an infinite immediate rekeying
loop).
I did a test with this proposal, but it seems that we did not support
such mixed ESP
Martin,
Thanks for that. Using the config param:
esp=aes-sha1-modp1024,aes-sha1!
and a strongSwan rebuilt with your patch, everything now works. Both SeGWs
are happy. Phew!
Cheers,
Graham.
___
Users mailing list
Users@lists.strongswan.org
