[strongSwan] IKE_SA/CHILD_SA instance
yordanos beyene
yordanosb at gmail.com
Thu Nov 8 10:30:43 CET 2012
Thank you Tobia, and Martin.
It is good to know the identifier is unique.
I have a couple more related questions?
Is it possible to have multiple CHILD_SA under the same IKE_SA ?
Is it possible to have multiple CHILD_SA with different connection <NAME>
under the same IKE_SA.
The reason I am asking is that I want to know if it is possible to delete
IKE_SA, with CHILD_SA identifier. That is if a CHILD_SA identifier is "n",
can I use "ipsec down [n]" to delete the associated IKE_SA?
I appreciate your help in advance.
Jordan.
On Thu, Nov 8, 2012 at 12:18 AM, Martin Willi <martin at strongswan.org> wrote:
> Hi Jordan,
>
> > I appreciate if any one could explain to me whether IKE_SA connection
> > instance # is unique within the entire IKE_SA list?
>
> Yes, they are, except for rekeyings. Each new IKE_SA gets an incremented
> unique identifier, but a rekeyed IKE_SA that replaces an old IKE_SA
> reuses the identifier of the replaced IKE_SA.
>
> > I also have the same question for CHILD_SA. Is the instance ID unique
> > with in the entire IPsec SA list?
>
> Yes, but the same about rekeyings applies.
>
> Regards
> Martin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121108/a2898c35/attachment.html>
More information about the Users
mailing list