[strongSwan-dev] strongswan PFP support
Martin Willi
martin at strongswan.org
Wed Jan 9 12:19:22 CET 2013
Hi,
> I'm studying stongswan recently, and just want to know whether strongswan
> supports PFP (populate from packet) feature defined in RFC 4301?
When an IPsec policy triggers the establishment of an SA, charon always
tries to negotiate a CHILD_SA with the full traffic selector from the
configuration (but it includes the packet TS in IKEv2 in front of the
full TS to give the responder a hint what triggered the SA).
So no, "populate from packet" is not really supported.
Regards
Martin
More information about the Dev
mailing list