Hi Terry,

> What's this req id range issue you mentioned?
> Could you elaborate more on this?

The reqid is one of the key elements the Linux kernel uses to find a state (IPsec SA) based on an IPsec policy that matched a packet. If two daemons use the same reqids (charon simply starts with 1 and increases this number with each CHILD_SA, if it is not set via ipsec.conf), this could lead to conflicts. Fortunately, the reqid is not the only property the kernel compares; for instance, the source and destination IP addresses are also considered. So I may have exaggerated the issue a bit, as conflicts might only arise in very specific situations. In your case it's no problem, anyway, as only one of the instances actually interacts with the kernel.

Regards,
Tobias
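
The lookup described in this reply, as an added example that is not part of the original message and is not kernel or strongSwan code: a simplified Python model in which a policy template selects SAs by reqid, addresses, protocol and mode. The names (`State`, `Template`, `owner`, `daemon-a`, `daemon-b`) and the sample addresses are constructed for illustration, and the set of compared fields is an assumption covering only part of what the kernel checks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class State:
    """An installed IPsec SA, reduced to the fields this model compares."""
    owner: str   # hypothetical label for the daemon that installed the SA
    src: str
    dst: str
    reqid: int
    spi: int
    proto: str = "esp"
    mode: str = "tunnel"

@dataclass(frozen=True)
class Template:
    """What a matched IPsec policy asks the kernel to find."""
    src: str
    dst: str
    reqid: int
    proto: str = "esp"
    mode: str = "tunnel"

def candidates(tmpl, states):
    """Return every SA the template could select in this simplified model."""
    return [s for s in states
            if (s.reqid, s.src, s.dst, s.proto, s.mode)
            == (tmpl.reqid, tmpl.src, tmpl.dst, tmpl.proto, tmpl.mode)]

def owners(tmpl, states):
    """Daemons whose SAs satisfy the template; more than one means a conflict."""
    return sorted({s.owner for s in candidates(tmpl, states)})

# Constructed sample: both daemons number their first CHILD_SA with reqid 1.
DISTINCT_PEERS = [
    State("daemon-a", "192.0.2.1", "198.51.100.10", reqid=1, spi=0xC0000001),
    State("daemon-b", "192.0.2.1", "198.51.100.20", reqid=1, spi=0xC0000002),
]
SAME_PEER = [
    State("daemon-a", "192.0.2.1", "198.51.100.10", reqid=1, spi=0xC0000001),
    State("daemon-b", "192.0.2.1", "198.51.100.10", reqid=1, spi=0xC0000003),
]
POLICY_A = Template("192.0.2.1", "198.51.100.10", reqid=1)

if __name__ == "__main__":
    print("distinct peers:", owners(POLICY_A, DISTINCT_PEERS))
    print("same peer:     ", owners(POLICY_A, SAME_PEER))
```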
