Hi Vivek,
Now in this scenario, when the stack has exhausted the max. no. of
retries and the SA is still not established, how can we make the stack
recover? I.e. when the problem is fixed (destination becomes reachable),
how can we make the stack retry SA establishment?
You can set
Hi,
1. I was going through the update SA code, I figured out that the
replay data for an SA is fetched separately from the other SA data,
however, while adding the updated SA replay value is sent with other
entries. What is the reason for this discrepancy?
That's due to a limitation of the
Hi Martin,
I went through the strongswan code to understand the IKE_SA and
CHILD_SA creation.
While going through the code I came across the acquire function. The
comments for the function indicate that it processes the trigger from
the kernel for creation of CHILD_SAs.
1. Is it the only mechanism
Hi,
Thanks for your help.
I still have a doubt about who initiates the IKE SA and CHILD SA.
1. Is it the kernel that initiates both?
2. Or Kernel just initiates the CHILD SA (through acquire() function
as per the SPD) and the IKE SA is initiated/triggered by reading the
ipsec.conf file from which he
Hi Martin,
Thanks for your help. The problem is that we have a proprietary
implementation of the IP stack in micro engine whose development is in
assembly language.
As per what you have suggested, I think it would make sense that we
let the kernel interface remain as is (just change address
Hi Martin,
Thanks for your help.
For our implementation we need to port the strongswan stack on QNX.
QNX does not have a kernel, but only a microkernel. Thus we need to
remove any interface with the kernel in the strongswan stack and
replace it with our own interface.
Since Kernel