<html><head></head><body><div class="ydp7f458ca5yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div><span style="color: rgb(38, 40, 42);">Hello,</span><br></div></div><div id="ydpa1959126yahoo_quoted_6867462564" class="ydpa1959126yahoo_quoted"><div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;"><div><div id="ydpa1959126yiv1598281844"><div class="ydpa1959126yiv1598281844yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><u>Setup</u></div><div dir="ltr">I have one IKE Responder and two IKE initiators (with different identities) which are able to establish an IKE SA with the responder successfully.</div><div dir="ltr"><u>Version</u></div><div dir="ltr"><div><div>strongSwan 5.7.2dr2 swanctl</div></div><br></div><div dir="ltr"><br></div><div dir="ltr"><u>Issue</u></div><div dir="ltr">I want to establish an additional CHILD_SA for each of these IKE-SA initiators from the <u>Responder</u>.</div><div dir="ltr">However, both initiators' IKE entries are assigned the same connection name "net-net". In my ipsec.conf settings, the connection name is given as "net-net". </div><div dir="ltr">My problem is that when I initiate a CHILD_SA using the swanctl --initiate command, I cannot identify the separate IKE-SAs, as both are assigned the same name by the Charon daemon.</div><div dir="ltr"><br></div><div dir="ltr">Please find the output of the command and ipsec.conf in the attached file.</div><div dir="ltr"><br></div><div dir="ltr"><u>Queries</u></div><div dir="ltr">1. How to configure the Responder to have each entry as a separate connection name? I know I can define a separate conn name configuration in the .conf file, but if I have 100K connections then it will lead to a big .conf file, which is difficult to manage.</div><div dir="ltr">2. Can I dynamically load <u>only</u> the child configuration using the "load_conn" command and then initiate a CHILD_SA for that particular child with the child name?
</div><div dir="ltr">I also tried to use the GoVICI interface to load configurations (with the same connection name) using the load_conn command, but it created a new entry rather than updating the existing one. </div><div dir="ltr"><br></div><div dir="ltr">Warm Regards,</div><div dir="ltr">Pankaj</div><div dir="ltr"> </div></div></div></div>
</div>
</div></body></html>