[strongSwan-dev] Some doubts in Strongswan

bhashkar prakash singh singh.bhashkar at gmail.com
Wed Jun 24 19:43:06 CEST 2015


1 -  I have a case where our device is not able to process the inbound
packets due to spi mismatch but device is able to encrypt and transmit the
outbound packets.

This can be possible in following scenario.

       a- only inbound SA has been deleted but outbound SA still present.
But is it
       possible that strongswan delete only inbound SA but it still
maintain outbound SA ?

       b- Both inbound and out bound SA are present but inbound packets
having spi that does
          not match inbound SA spi ? But how can a remote gateway can send
a packet with different spi when
          negotiation has happened on some otehr spi ? is it possible ?

2-  Is it possible that local and remote peer, both act as initiator and
responder at the same time ?
is there any possibility of any error if both side act as initiator and
responder ?
How does we ensure strongswan only act as initiator or responder ?

Thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150624/08ae8e10/attachment.html>

More information about the Dev mailing list