Re: [strongSwan] Must the source IP in SA (used for outgoing packets) be the sender's IP?

strongSwan is an automatic keying daemon and does not care about manually configured SPs and SAs as long as they do not conflict with its own policies and associations. It seems to me that the strongSwan mailing list is not the right forum for your questions. Best regards Andreas Jianqing Zhang

[strongSwan] Cisco rejects requests if first esp algo not supported

Hello, We have an IPsec connection between a Cisco 2800 series and a strongSwan Linux box. Everything works fine when the Cisco box initiates the connection, but when the strongSwan box initiates the connection and the first algorithm in the esp= line isn't supported by the Cisco we get

[strongSwan] two installed tunnels for one connection ( ikev2 )

Hi, we changed the last days to ikev2 connections. Now we often have more than two tunnels for the same connection. Is this a config problem? Or is it a normal behavior? Thanks! Nicole ipsec statusall output: ffm02fw-bonn: 1.2.3.4[ffm02fw]...4.3.2.1[bonn] ffm02fw-bonn: CAs: C=DE, ST=Hessen,