[strongSwan-dev] Phase 2 rekeying using different physical channel

Martin Willi martin at strongswan.org
Fri Jul 13 10:27:06 CEST 2012


> I would like to do rekeying of phase 2 using a different physical
> channel than the one i use for data.

What do you mean by a different physical channel? What about Phase 1?

> If the plugin interface has direct access to PF_KEY i guess it would be
> possible, am i right?

We have an abstraction layer for SAD/SPD management, called
kernel_interface_ipsec. We have different plugins providing an
implementation, including one for Netlink and one for PF_KEY. But I
don't understand how PF_KEY is related to your separated Phase 2


More information about the Dev mailing list