[strongSwan] Query on Child SA Creation

shyamsundar.purkayastha at wipro.com shyamsundar.purkayastha at wipro.com
Wed Apr 21 09:41:19 CEST 2010 

Hi Martin

> To initiate each CHILD_SA in a seperate IKE_SA, you may specify the
> strongswan.conf option charon.reuse_ikesa = no.

Thanks for the update

One more observation related to this .

If I set reuse_ikesa=no then for bringing up the connection I can use "ipsec up" without the "{ }" suffix in the connection name. But I see that for bringing down the connection I need to specify the connection name with { } suffix otherwise the connection does not terminate.   

Is this the known behavior ?

Regards
Shyam

-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org] 
Sent: Wednesday, April 21, 2010 11:34 AM
To: Shyamsundar Purkayastha (WT01 - Telecom Equipment)
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Query on Child SA Creation

Hi,

> But I actually wanted this as a separate SA which can be enabled
> disabled separately. 

You can initiate/terminate specific CHILD_SAs using curly brackets, e.g.
ipsec down connxy{}.

> And just wanted to know what is the criteria for deciding that a
> config should be a child of another one ?

Configurations from ipsec.conf get merged if the IKE_SA specific
parameters match (i.e. identities and addresses).

To initiate each CHILD_SA in a seperate IKE_SA, you may specify the
strongswan.conf option charon.reuse_ikesa = no.

Regards
Martin



Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com

More information about the Users mailing list