[strongSwan] How Create multiple Child SA's in same IKE SA
Martin Willi
martin at strongswan.org
Tue Nov 19 11:42:21 CET 2013
Hi,
> How can create more then one child SA in same IKE SA
ipsec.conf connections get merged to the same configuration if they have
common properties for an IKE_SA (peer addresses, identities etc.).
You can, for example, define IKE_SA specific options in the %default
section, and then provide CHILD_SA specifics in separate conn entries.
Unless you set the charon.reuse_ikesa strongswan.conf option to "no",
connection initiation reuses an existing IKE_SA to create the additional
CHILD_SA.
Regards
Martin
More information about the Users
mailing list