> As per the implementation, an SPD entry would contain the destination > IP as selector field and uses the same as a key to search the SPD > table.
I don't think this will work; The remote selector does not have to be unique per CHILD_SA/policy. Having multiple CHILD_SAs having the same remote selector is perfectly fine, and is what load-tester establishes even when it requests a virtual IP. You should include the local address in the SPD lookup as well. Regards Martin _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users