>> strongSwan specific feature or it is specified by a RFC?
>It is strongSwan specific, other implementations might do this differently.
>You'll have to check this with your other implementation,
>maybe there are ways to do this manually.
>Regards
>Martin
Similarly I wish to apply to SCTP packets a cipher suite
that supersedes the cipher suite to be applied to all other
packets from the same IP@ (i.e. 10.5.0.1). Can this be done
by strongSwan with the example below? If yes, is this a
standard (RFC) feature or strongSwan specific?
Finally, what assumption can be done for priorities of policies
installed by to-HOST relative to SCTP from the same example?
conn to-HOST
also=host-host
leftsubnet=10.5.0.1
rightsubnet=10.6.0.2
esp=specific_1
auto=start
conn SCTP
also=host-host
leftsubnet=10.5.0.1
rightsubnet=0.0.0.0/0
rightprotoport=SCTP
leftprotoport=SCTP
esp=specific_2
auto=start
conn to-WORLD
also=host-host
leftsubnet=10.5.0.1
rightsubnet=0.0.0.0/0
esp=specific_3
auto=start
conn host-host
left=<IP address of left>
right=<IP address of right>
Best Regards
Mugur
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
