[strongSwan] I try to add AH protocol support in charon and have some questions about it
Martin Willi
martin at strongswan.org
Fri Aug 24 08:58:50 CEST 2012
Hi,
> And want to try to add AH protocol support in charon for study.
>
> Put the AH and ESP in "two child_cfg and two child_sa" or in "one
> child_cfg and child_sa". or "one child_cfg and two child_sa" ?
You certainly would map each child_cfg to a single child_sa.
If you need two child_sa/child_cfg depends on your requirements: If you
need RFC 2401 ESP+AH bundles, you'd probably go with a single CHILD_SA.
These bundles are obsolete since RFC 4301. There you'd install two
CHILD_SAs separately, where the second selector matches the output of
the first.
Regards
Martin
More information about the Users
mailing list