[strongSwan-dev] Some doubts in Strongswan

bhashkar prakash singh singh.bhashkar at gmail.com
Thu Jun 25 17:11:14 CEST 2015


It would be great help if someone can reply to this mail.

I am waiting for your reply.

Thanks & Regards,

On Wed, Jun 24, 2015 at 11:13 PM, bhashkar prakash singh <
singh.bhashkar at gmail.com> wrote:

> Hi,
> 1 -  I have a case where our device is not able to process the inbound
> encrypted
> packets due to spi mismatch but device is able to encrypt and transmit the
> outbound packets.
> This can be possible in following scenario.
>        a- only inbound SA has been deleted but outbound SA still present.
> But is it
>        possible that strongswan delete only inbound SA but it still
> maintain outbound SA ?
>        b- Both inbound and out bound SA are present but inbound packets
> having spi that does
>           not match inbound SA spi ? But how can a remote gateway can send
> a packet with different spi when
>           negotiation has happened on some otehr spi ? is it possible ?
> 2-  Is it possible that local and remote peer, both act as initiator and
> responder at the same time ?
> is there any possibility of any error if both side act as initiator and
> responder ?
> How does we ensure strongswan only act as initiator or responder ?
> Thanks in advance.
> Regards,
> Bhashkar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150625/d55dd4c2/attachment.html>

More information about the Dev mailing list