Dear Martin, In case of Strongswan Android Market App, the IP address assignment, MTU setting to the ipsec0 interface is handled Android framework VPN JNI module.This will be after the IKE_SA and Child_SA is setup. Could you please give more details, how the configuration setup happens in the Strongswan Android market app is different ?
Regards, Ravikanth On Thu, Mar 5, 2015 at 8:54 AM, Martin Willi <mar...@strongswan.org> wrote: > > > My understanding was ip address assignment to interface can happen > > later after child SA is negotiated with tunnel end point using the > > virtual ip stored in the Strongswan internal data structures. > > No, this won't work. Negotiating the CHILD_SA installs IPsec SAs and > policies to the kernel, along with a source route to actually make use > of these policies. If the virtual IP is not installed to the kernel, > installing the source route is not possible. > > Not sure what you want to achieve by deferring virtual IP installation, > but that won't work with the way strongSwan handles CHILD_SA setup. > > Regards > Martin > >
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
