Thank you very much Martin for clarifying. Jordan.
On Thu, Nov 8, 2012 at 2:16 AM, Martin Willi <[email protected]> wrote: > > > Is it possible to have multiple CHILD_SA under the same IKE_SA ? > > Yes. > > > Is it possible to have multiple CHILD_SA with different connection > > <NAME> under the same IKE_SA. > > Yes, ipsec.conf connections get merged if the IKE_SA-relevant parts are > equal. This results in a single IKE_SA specific configuration with > multiple CHILD_SA specific configurations attached to it. > > > That is if a CHILD_SA identifier is "n", can I use "ipsec down [n]" to > > delete the associated IKE_SA? > > No, that won't work. CHILD_SA and IKE_SA identifiers are not related at > all. They are often the same because they all start at one, but this is > not true anymore if you have multiple CHILD_SAs per IKE_SA. > > Regards > Martin > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
