Hi, > And want to try to add AH protocol support in charon for study. > > Put the AH and ESP in "two child_cfg and two child_sa" or in "one > child_cfg and child_sa". or "one child_cfg and two child_sa" ?
You certainly would map each child_cfg to a single child_sa. If you need two child_sa/child_cfg depends on your requirements: If you need RFC 2401 ESP+AH bundles, you'd probably go with a single CHILD_SA. These bundles are obsolete since RFC 4301. There you'd install two CHILD_SAs separately, where the second selector matches the output of the first. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
