[strongSwan] Is there possible for strongswan to support IKEv1 and IKEv2 at the same time at the same host?

Andreas Steffen andreas.steffen at strongswan.org
Wed May 5 11:39:00 CEST 2010


Hi,

in the default configuration the pluto daemon binds to the UDP ports 500
and 4500 whereas the charon daemon uses a raw socket with Linux
Socket Filter (LSF) rules filtering and forwarding IKE version 2
messages to the IKEv2 daemon. Thus it is no problem to use racoon
in place of charon for handling IKEv1 connections.

If only the charon daemon is used then the socket-raw plugin which is
built and loaded by default can be replaced by the socket-default
charon plugin which binds to UDP ports 500 and 4500 directly.

Best regards

Andreas

On 05.05.2010 10:48, MingM Xia wrote:
> Hi,
>
> It seems IKEv1 and IKEv2 use the same UDP port 500,  is there possible
> for strongswan to support IKEv1 and IKEv2 at the same time on the same
> host? It seems will make pluto and charon listenning on the same udp
> port 500,  does them work well?
>
> And how about racoon, racoon use the same udp port 500 too,  is there
> possible we use Racoon for IKEv1 and Charon for IKEv2 on the same host?
>
> Thanks.

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list