Hi,
> But I actually wanted this as a separate SA which can be enabled
> disabled separately.
You can initiate/terminate specific CHILD_SAs using curly brackets, e.g.
ipsec down connxy{}.
> And just wanted to know what is the criteria for deciding that a
> config should be a child of another one ?
Configurations from ipsec.conf get merged if the IKE_SA specific
parameters match (i.e. identities and addresses).
To initiate each CHILD_SA in a seperate IKE_SA, you may specify the
strongswan.conf option charon.reuse_ikesa = no.
Regards
Martin
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
