Hi Mugur,
There is any way to tell to strongSwan that there is traffic in order
to avoid sending INFORMATIONAL messages in this case?
strongSwan queries the kernel-interface for SA usage. If you are using
kernel-netlink as backend, Linux usually provides this information when
querying the
: [strongSwan] liveness mechanism for BITW IPsec
Hi Mugur,
There is any way to tell to strongSwan that there is traffic in
order to avoid sending INFORMATIONAL messages in this case?
strongSwan queries the kernel-interface for SA usage. If you are using
kernel-netlink as backend, Linux usually
We are not using a custom kernel backend. Our application uses the
netlink socket interface and sets-up the cryptographic HW engine with
SA events from strongSwan.
While you are using the kernel-netlink plugin and the Netlink XFRM
interface, you are probably not using a vanilla Linux XFRM
Hi Martin
in the end you'll just have to respond appropriately to the
XFRM_MSG_GETSA/XFRM_MSG_GETPOLICY requests with SA usage information
Thank you
Regards
Martin
___
Users mailing list
Users@lists.strongswan.org
Hello,
In our Bump In The Wire IPsec implementation (strongSwan 4.5.2-al4) the
INFORMATIONAL messages are periodically sent even if there is traffic on the
tunnel. Since the tunnel traffic is not seen by Linux this seems normal.
There is any way to tell to strongSwan that there is traffic in