[strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface

Mao, Zhiheng zmao at qti.qualcomm.com
Tue Sep 10 07:57:32 CEST 2013


I have seen stronswan server return INTERNAL_ADDRESS_FAILURE (36) when there is no more virtual address to be assigned to a client. This is working fine. Similarly, I am also looking for a way to make strongswan return the private types of PDN_CONNECTION_REJECTION (8192) and MAX_CONNECTION_REACHED (8193) according to the 3GPP TS 24.302, section 8.1.2. 

Does strongswan support this and how to configure? Or if not, do you have any suggestion of how to extend the existing code? I am not looking to implement a full scale server policy, but maybe just a trigger at a given time to make the server fail the connection setup request from a client with these private error types. Thanks a lot!


More information about the Users mailing list