Hi, I have some queries:-
1. In case I need to create a tunnel with mutiple child SAs, would there be different connection for each tunnel ip - virtual IP pair or there is a single connection containing all the virtual IPs corresponding to each Child SA? 2. In case there is a single connection for the IKE SA and child SAs inside it, would I need to shutdown the complete tunnel to change IP address corresponding to one CHILD_SA? 3. There is a parameter is strongswan.conf charon_process_route. If we set this parameter to "No", and I always specify the IP address in IPSec.conf. Then the charon stack would not require the routing table for any of its fucntionality. Is this assumption correc? Actually, for our implementation wanted to remove the netlink interface interfacing the routing table and adding/removing IP address. We can comment the code that installs the virtual IP into the kernel. We were thinking of always providing the complete IP addresses in IPSec.conf and setting charon_process_route = "no". Will this be sufficient. Thanks in advance for all your support Vivek _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users