[strongSwan] Query on Child SA Creation
Martin Willi
martin at strongswan.org
Wed Apr 21 08:03:38 CEST 2010
Hi,
> But I actually wanted this as a separate SA which can be enabled
> disabled separately.
You can initiate/terminate specific CHILD_SAs using curly brackets, e.g.
ipsec down connxy{}.
> And just wanted to know what is the criteria for deciding that a
> config should be a child of another one ?
Configurations from ipsec.conf get merged if the IKE_SA specific
parameters match (i.e. identities and addresses).
To initiate each CHILD_SA in a seperate IKE_SA, you may specify the
strongswan.conf option charon.reuse_ikesa = no.
Regards
Martin
More information about the Users
mailing list