Hi Michael,

the name of <child> can be freely chosen. If you have a single CHILD_SA then you could name it the same as <conn>. With multiple CHILD_SAs each SA has a name of its own. As you correctly noticed, "leftsubnet" equals "local_ts" and "rightsubnet" is "remote_ts".

With swanctl you start the CHILD_SA:

  swanctl --initiate --child <child>

but you can terminate the CHILD_SA only:

  swanctl --terminate --child <child>

or the IKE_SA with all dependent CHILD_SAs:

  swanctl --terminate --ike <conn>

Best regards

Andreas

On 25.02.2016 11:45, Michael Lipp wrote:
Thanks a lot. I admit that I could have found this if I had thought of the "config setup" section as actually NOT being related to connections.

Here's another one: What does "leftsubnet" in ipsec.conf map to in swanctl.conf? I think it may be "connections.<conn>.children.<child>.local_ts", but I have no idea what value to use for "<child>". The examples use "net", but I don't understand where this value comes from. If there were several "connections.<conn>.children.<child>" sections with different "<child>" values, which one would be used? What's the criterion?

 - Michael

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
--
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
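The mapping discussed in this thread, as an added example that is not part of the original messages or of the strongSwan project's own files: one swanctl.conf connection carrying two freely named CHILD_SAs. The connection name `gw`, the child names `net-a` and `net-b`, and all addresses, identities and the certificate file name are constructed for illustration.

```conf
# swanctl.conf (constructed example; names and addresses are assumptions)
connections {

    # <conn>: the name of the IKE_SA configuration, freely chosen
    gw {
        version = 2
        local_addrs  = 192.0.2.1        # constructed address
        remote_addrs = 198.51.100.1     # constructed address

        local {
            auth  = pubkey
            certs = gw-a-cert.pem       # placeholder file name
            id    = gw-a.example.org    # constructed identity
        }
        remote {
            auth = pubkey
            id   = gw-b.example.org     # constructed identity
        }

        children {

            # <child>: first CHILD_SA, name freely chosen
            net-a {
                local_ts  = 10.1.0.0/16   # ipsec.conf: leftsubnet
                remote_ts = 10.2.0.0/16   # ipsec.conf: rightsubnet
            }

            # <child>: second CHILD_SA under the same IKE_SA,
            # with a name of its own
            net-b {
                local_ts  = 10.1.0.0/16   # ipsec.conf: leftsubnet
                remote_ts = 10.3.0.0/16   # ipsec.conf: rightsubnet
            }
        }
    }
}
```

With this configuration, `swanctl --initiate --child net-b` starts only the second CHILD_SA, `swanctl --terminate --child net-b` removes only that one, and `swanctl --terminate --ike gw` tears down the IKE_SA together with both children.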
