The IPsec stack does not care about outgoing packets but uses the SPI of incoming packets to look up the context in the SAD. If a packet replay-window is set then restrictions on the ESP packet sequence numbers apply.
Andreas Jianqing Zhang wrote: > When I configured SPD and SAD manually, I find that SPIs for the > outgoing packets could be same but those for incoming packets must be > unique. Why? ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users