Hi,

I have some queries:

1. In case I need to create a tunnel with multiple child SAs, would
there be a different connection for each tunnel IP - virtual IP pair, or
is there a single connection containing all the virtual IPs
corresponding to each Child SA?

2. In case there is a single connection for the IKE SA and the child SAs
inside it, would I need to shut down the complete tunnel to change the IP
address corresponding to one CHILD_SA?

3. There is a parameter in strongswan.conf, charon_process_route. If
we set this parameter to "No", and I always specify the IP address in
IPSec.conf, then the charon stack would not require the routing table
for any of its functionality. Is this assumption correct?
Actually, for our implementation we wanted to remove the netlink
interface interfacing with the routing table and adding/removing IP
addresses. We can comment out the code that installs the virtual IP into the
kernel.

We were thinking of always providing the complete IP addresses in
IPSec.conf and setting charon_process_route = "no". Will this be
sufficient?

Thanks in advance for all your support

Vivek