[strongSwan-dev] need for calling TASK_IKE_CONFIG before TASK_CHILD_CREATE in task_manager_v2.c

Ravi Kanth Vanapalli vvnrk.vanapalli at gmail.com
Fri Mar 6 23:46:01 CET 2015


Dear Martin,
  In case of Strongswan Android Market App, the IP address assignment, MTU
setting to the ipsec0 interface is handled Android framework VPN JNI
module.This will be after the IKE_SA and Child_SA is setup.
  Could you please give more details, how the configuration setup happens
in the Strongswan Android market app is different ?

Regards,
Ravikanth

On Thu, Mar 5, 2015 at 8:54 AM, Martin Willi <martin at strongswan.org> wrote:

>
> > My understanding was ip address assignment to interface can happen
> > later after child SA is negotiated with tunnel end point using the
> > virtual ip stored in the Strongswan internal data structures.
>
> No, this won't work. Negotiating the CHILD_SA installs IPsec SAs and
> policies to the kernel, along with a source route to actually make use
> of these policies. If the virtual IP is not installed to the kernel,
> installing the source route is not possible.
>
> Not sure what you want to achieve by deferring virtual IP installation,
> but that won't work with the way strongSwan handles CHILD_SA setup.
>
> Regards
> Martin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150306/6299edf3/attachment-0001.html>


More information about the Dev mailing list