[strongSwan] SPI range in 4.5.0
Andreas Steffen
andreas.steffen at strongswan.org
Fri Nov 19 12:30:09 CET 2010
Привет Владимир,
the charon IKEv2 daemon always restricted its SPI range to
0xC0000000-0xCFFFFFFF
whereas the pluto IKEv1 daemon going back to the FreeS/WAN
project always used the nearly complete range
0x1000 to 0xfffffffff
with the lowest SPIs reserved for manual ESP setup.
Thus if you are running IKEv2 only, you can use any SPI outside
the 0xCnnnnnnn range for your private application.
Kind regards
Andreas
On 19.11.2010 11:58, Владимир Подобаев wrote:
> Hello.
>
> In 4.4.1 version (pluto) there was SPI range from 0x1000 to 0xfffffffff.
>
> Now in 4.5.0 in kernel-netlink plugin it is reduced to 0xC0000000-0xCFFFFFFF.
> Just curious, why? Is it a some kind of convention?
>
> We need to use some SPI ranges for our private xfrm states (not strongswan). What ranges can we use?
>
> Thanks in advance!
>
> Best regards, Vladimir
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list