[strongSwan-dev] sequence flow for strongswan market app (noticed ip address assignment after child sa completes)
Tobias Brunner
tobias at strongswan.org
Mon Mar 9 10:42:01 CET 2015
> In your thread you have mentioned that after IKE_SA setup and before
> child SA setup completes ipsec0 will be assigned an IP address.
> My query was what configuration setting in strongswan android app was
> made to defer the ip address configuration until after the child sa is
> setup.
Martin was referring to what happens on Linux (via kernel-netlink
plugin). On Android we use the VpnService API to create the TUN device
and install the virtual IP(s), the charon.install_virtual_ip option is
disabled to prevent the kernel-netlink plugin from attempting to install
the IP (the app doesn't have the permission to do so).
Regards,
Tobias
More information about the Dev
mailing list