Hi,
When a CHILD_SA is rekeyed, there is a time when SAD will have two SA
entries corresponding to the CHILD_SA that is rekeyed.
Yes, you'll have two overlapping CHILD_SAs during rekeying.
how do we know which SA Entry is to be used out of the 2 Entries.
The kernel usually uses the newer SA
Martin Willi wrote:
It seems that if I remove all of the Ipv6 modules the IPsec doesn't work
Make sure to have at least a 2.6.29 kernel, apply the kernel patch [1]
or use the workaround patch for strongSwan (attached, breaks mixed v4/v6
tunnels).
Regards
Martin
Hello list,
I'm happy to report that RHEL 5.4 finally ships a fixed kernel so that
the issue with strongswan and especially DPD and ipsec status are gone.
Johannes
___
Users mailing list
Users@lists.strongswan.org
Hello,
I'm currently installing strongSwan on an embedded internet router. I
loaded all necessary modules before running ipsec start. After ipsec
start (charon only) these ipsec-related modules are loaded (manually
or by ipsec start):
Module Size Used byTainted: P
deflate
Hi,
I see strongSwan has been ported to support FreeBSD, seems like it is not
supported on Solaris. Is there a plan to port it to Solaris?
Thanks,
Roger
___
Users mailing list
Users@lists.strongswan.org