[strongSwan-dev] Strongswan IKEv2 question
Tobias Brunner
tobias at strongswan.org
Tue Apr 24 09:51:16 CEST 2012
Hi Shu,
> 1. Can you help to explain how the IDi value is passed to Ike_auth.c's
> build_i function?
As can be seen in the code, this value is contained in an auth_cfg_t
object (line 420 of that file in the current master). If you use the
default configuration backend (i.e. ipsec.conf) this value is read from
the leftid/leftid2 options in the stroke plugin (stroke_config.c).
> 2. During Ipsec negotiation, if there is no IPSec SA assigned, will
> the IKE tunnel removed in this case?
You mean if no CHILD_SA gets established successfully? That can be
configured with the charon.close_ike_on_child_failure option in
strongswan.conf (which defaults to no, i.e. IKE_SAs are not closed by
default).
> 3. Doe current implementation support both IPv4 and IPv6 address (dual address)?
Yes.
Regards,
Tobias
More information about the Dev
mailing list