On Sat, 2 May 2015, Herbert Xu wrote:
As it is you can never have more than one RW connection under kernel_netlink because they all share the same reqid copied over from the template. Since the reqid is used by kernel_netlink to identify SAs for the same connection, this means that the second RW connection will always kick the first one off. This patch fixes this by allocating a new reqid for each instance.
Ahh, but the idea of the reqid= option is that it could remain static, so you can write static iptables rules for it. When not set in the conn, we request one via gen_reqid(). I guess what we should do is not allow reqid= to be specified in template connections.

Paul
