[strongSwan] Configuration Payload for IP Address Assignment Error Cases
Martin Willi
martin at strongswan.org
Wed Jun 27 09:53:42 CEST 2012
> does strongSwan keep trying to start the connection? Or is some manual
> intervention required? We have auto=start, dpdaction=restart,
> keyingtries=%forever, rekey=yes, if that matters...
No, this is considered as a permanent error, and no retries are done.
> I assume before your patch, the up/down script would be called with
> PLUTO_MY_SOURCEIP set to 0.0.0.0
Yes.
> and I wonder what else would happen? Would there be an IPSEC SA
> created?
If your responder returns all the required payloads (SA, TSi, TSr), and
the traffic selectors match to 0.0.0.0, yes.
> Sorry, I don't follow what you mean by "the physical IP (or something
> that contains it)". I don't understand what IP could be used or
> assumed, if the SeGW can not fulfill the client's request for an IP
> address assignment.
The client uses the tunnel outer address, the address the client uses to
communicate in IKE. As in a Host2Host or Host2Net tunnel.
Regards
Martin