[strongSwan] Query regardig multiple SA for the same "traffic selectors"
Martin Willi
martin at strongswan.org
Fri Mar 22 10:23:39 CET 2013
Hi,
> Following is the excerpt from the RFC-4301 (section 4.1) which suggests
> to support multiple SA between a given sender & receiver with same
> "traffic selectors". How to configure such connections(policies) in the
> ipsec.conf file ?
The Linux Netkey IPsec stack does not allow to install identical IPsec
policies. You can, however, associate unique XFRM marks to each
connection, making policies non-identical.
An example how this is used with iptables to assign per-connection DSCP
rules can be found at [1].
Regards
Martin
[1]http://www.strongswan.org/uml/testresults/ikev2/net2net-psk-dscp/index.html
More information about the Users
mailing list