Hi, > Following is the excerpt from the RFC-4301 (section 4.1) which suggests > to support multiple SA between a given sender & receiver with same > "traffic selectors". How to configure such connections(policies) in the > ipsec.conf file ?
The Linux Netkey IPsec stack does not allow to install identical IPsec policies. You can, however, associate unique XFRM marks to each connection, making policies non-identical. An example how this is used with iptables to assign per-connection DSCP rules can be found at [1]. Regards Martin [1]http://www.strongswan.org/uml/testresults/ikev2/net2net-psk-dscp/index.html _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
