[strongSwan-dev] strongswan PFP support

Allen Lu allenlu1212 at gmail.com
Wed Jan 9 16:50:16 CET 2013


Hi Martin,

Thank you very much for your quick response. From the strongSwan point of
view, how is this PFP feature to be treated? Is there any plan to implement
the PFP feature in strongSwan? Does the Linux kernel also need to be updated
to support the PFP feature? Thanks.

Regards
Allen

2013/1/9 Martin Willi <martin at strongswan.org>

> Hi,
>
> > I'm studying strongswan recently, and just want to know whether strongswan
> > supports PFP (populate from packet) feature defined in RFC 4301?
>
> When an IPsec policy triggers the establishment of an SA, charon always
> tries to negotiate a CHILD_SA with the full traffic selector from the
> configuration (but it includes the packet TS in IKEv2 in front of the
> full TS to give the responder a hint about what triggered the SA).
>
> So no, "populate from packet" is not really supported.
>
> Regards
> Martin
>
>
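
The selector ordering described in the quoted reply, as an added example that is not part of the original thread and is not strongSwan code: Python that encodes IKEv2 TSi/TSr payload bodies in the RFC 7296 section 3.13 layout, with the triggering packet's selector placed in front of the configured subnet selector. The packet, subnets and all function names are constructed for illustration.

```python
import ipaddress
import struct

TS_IPV4_ADDR_RANGE = 7  # TS Type value from RFC 7296, section 3.13.1

def encode_ts(proto, start_port, end_port, start_addr, end_addr):
    """Encode one IPv4 Traffic Selector substructure (8-byte header + 2 addresses)."""
    start = ipaddress.IPv4Address(start_addr).packed
    end = ipaddress.IPv4Address(end_addr).packed
    header = struct.pack("!BBHHH", TS_IPV4_ADDR_RANGE, proto,
                         8 + len(start) + len(end), start_port, end_port)
    return header + start + end

def subnet_ts(cidr):
    """Selector for a whole configured subnet: any protocol, any port."""
    net = ipaddress.IPv4Network(cidr)
    return encode_ts(0, 0, 65535, str(net.network_address), str(net.broadcast_address))

def build_ts_payload(selectors):
    """TS payload body: selector count, 3 reserved bytes, then the selectors."""
    return struct.pack("!B3x", len(selectors)) + b"".join(selectors)

def initiator_selectors(packet, local_net, remote_net):
    """Packet-specific selector first (the hint), configured selector second."""
    src = encode_ts(packet["proto"], packet["sport"], packet["sport"],
                    packet["src"], packet["src"])
    dst = encode_ts(packet["proto"], packet["dport"], packet["dport"],
                    packet["dst"], packet["dst"])
    return (build_ts_payload([src, subnet_ts(local_net)]),
            build_ts_payload([dst, subnet_ts(remote_net)]))

def parse_ts_payload(body):
    """Decode a TS payload body into (proto, sport, eport, start, end) tuples."""
    offset, out = 4, []
    for _ in range(body[0]):
        ts_type, proto, length, sport, eport = struct.unpack_from("!BBHHH", body, offset)
        if ts_type != TS_IPV4_ADDR_RANGE or length != 16 or offset + length > len(body):
            raise ValueError("unsupported or truncated traffic selector")
        start = ipaddress.IPv4Address(body[offset + 8:offset + 12])
        end = ipaddress.IPv4Address(body[offset + 12:offset + 16])
        out.append((proto, sport, eport, str(start), str(end)))
        offset += length
    return out

# Constructed sample: a TCP packet that hits the policy and triggers the SA.
SAMPLE_PACKET = {"proto": 6, "src": "10.1.0.10", "sport": 49152,
                 "dst": "10.2.0.20", "dport": 443}

if __name__ == "__main__":
    tsi, tsr = initiator_selectors(SAMPLE_PACKET, "10.1.0.0/16", "10.2.0.0/16")
    print("TSi:", parse_ts_payload(tsi))
    print("TSr:", parse_ts_payload(tsr))
```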