[strongSwan] Query regardig multiple SA for the same "traffic selectors"
martin at strongswan.org
Fri Mar 22 10:23:39 CET 2013
> Following is the excerpt from the RFC-4301 (section 4.1) which suggests
> to support multiple SA between a given sender & receiver with same
> "traffic selectors". How to configure such connections(policies) in the
> ipsec.conf file ?
The Linux Netkey IPsec stack does not allow to install identical IPsec
policies. You can, however, associate unique XFRM marks to each
connection, making policies non-identical.
An example how this is used with iptables to assign per-connection DSCP
rules can be found at .
More information about the Users