[strongSwan-dev] Doubt on IPSec client TSr negotiation
siddesh r
siddu049 at gmail.com
Fri Sep 6 20:12:56 CEST 2013
Hi,
If client receives more number of traffic selectors in TSi/TSr than
requested, can it honour the response and creates child-sa(assuming
responder doesnot supports multiple child-sa).
For eg:
client's configuration
responder's configuration
TSi:198.10.0.1
TSr:10.0.0.0 - 10.0.0.255
TSr:10.0.0.0-10.255.255.255
TSr:10.0.22.0-10.0.22.255
client sends on startup:
TSi:198.10.0.1
TSr:10.0.0.0-10.255.255.255 ------------------------> responder
responds back
TSi:198.10.0.1
198.10.0.1
<-----------------------
TSr:10.0.0.0 - 10.0.0.255
TSr:10.0.22.0-10.0.22.255
on responder traffic selector narrowing will be done
can client honours and creates child-sa?
Is it acceptable scenario/
Thanks in advance,
sid
More information about the Dev
mailing list