Re: [strongSwan] support for tunnel configuration

2009-07-28 Thread vivek bairathi
Hi, I just thought of explaining my queries a bit more. You can ignore my previous mail:- 1. In case I need to create a tunnel with multiple child SAs, would there be different connection for each tunnel ip - virtual IP pair or there is a single connection containing all the virtual IPs correspondi

Re: [strongSwan] support for tunnel configuration

2009-07-28 Thread vivek bairathi
Hi, Thanks for your help. Some more queries:- 1. Did you mean that if I change any parameter in ipsec.conf then I have to delete the IKE SA and all the corresponding CHILD SA's and then apply the new configuration? 2. Is it possible not to delete an SA and apply the new settings on the CHILD

Re: [strongSwan] support for tunnel configuration

2009-07-27 Thread Andreas Steffen
Hi Vivek, you can change any connection parameter by 1) redefining it in ipsec.conf 2) taking down the active connection executing ipsec down 3) execute ipsec update which transfers the new connection definition to the charon daemon. 4) execute ipsec up if auto=add. with

Re: [strongSwan] support for tunnel configuration

2009-07-27 Thread vivek bairathi
Hi, Thanks for your detailed response. 1. We had a requirement to change the internal/virtual IP at runtime after charon is spawned. Is it possible to change the internal/virtual IP in a tunnel once the stack is spawned? We went through the code and found that deletion of outer/tunnel IP and inn

Re: [strongSwan] support for tunnel configuration

2009-07-27 Thread Andreas Steffen
Hi Vivek, vivek bairathi wrote: > Hi all, > > I have a requirement for creating tunnel SAs. After reading > strongswan documentation and code I arrived at the following > conclusion:- > > 1. left| right source IP in the conn section of ipsec.conf is used to > specify the internal IP in the tunne

[strongSwan] support for tunnel configuration

2009-07-27 Thread vivek bairathi
Hi all, I have a requirement for creating tunnel SAs. After reading strongswan documentation and code I arrived at the following conclusion:- 1. left| right source IP in the conn section of ipsec.conf is used to specify the internal IP in the tunnel( virtual IP). The external tunnel IP will be