[strongSwan-dev] Strongswan IKEv2 question

Tobias Brunner tobias at strongswan.org
Tue Apr 24 09:51:16 CEST 2012

Hi Shu,

> 1. Can you help to explain how the IDi value is passed to Ike_auth.c's
> build_i function?

As can be seen in the code, this value is contained in an auth_cfg_t
object (line 420 of that file in the current master).  If you use the
default configuration backend (i.e. ipsec.conf) this value is read from
the leftid/leftid2 options in the stroke plugin (stroke_config.c).

> 2.   During Ipsec negotiation, if there is no IPSec SA assigned, will
> the IKE tunnel removed in this case?

You mean if no CHILD_SA gets established successfully?  That can be
configured with the charon.close_ike_on_child_failure option in
strongswan.conf (which defaults to no, i.e. IKE_SAs are not closed by

> 3. Doe current implementation support both IPv4 and IPv6 address (dual address)?



More information about the Dev mailing list