[strongSwan-dev] RFC 6054 support with HA plugin
emeric.poupon at stormshield.eu
Fri Mar 30 17:14:44 CEST 2018
I am concerned about AES-GCM issues related to segment responsibility changes (see https://tools.ietf.org/html/rfc6311#section-3.4)
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards states RFC6454 is supported.
Could you please provide more details about it?
As far as I understand, each member of the cluster should have a unique SID assigned and use this SID when emitting packets from the kernel stack.
This raises several questions:
- how does the userland set the sid in the kernel?
- how is the sid is computed so that it is unique within the cluster? How many bits are reserved for this sid?
More information about the Dev