[strongSwan] IKE_SA/CHILD_SA instance
Martin Willi
martin at strongswan.org
Thu Nov 8 09:18:46 CET 2012
Hi Jordan,
> I appreciate if any one could explain to me whether IKE_SA connection
> instance # is unique within the entire IKE_SA list?
Yes, they are, except for rekeyings. Each new IKE_SA gets an incremented
unique identifier, but a rekeyed IKE_SA that replaces an old IKE_SA
reuses the identifier of the replaced IKE_SA.
> I also have the same question for CHILD_SA. Is the instance ID unique
> with in the entire IPsec SA list?
Yes, but the same about rekeyings applies.
Regards
Martin
More information about the Users
mailing list