[strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface

Martin Willi martin at strongswan.org
Tue Sep 10 09:33:10 CEST 2013


> return the private types of PDN_CONNECTION_REJECTION (8192) and
> MAX_CONNECTION_REACHED (8193) according to the 3GPP TS 24.302, section
> 8.1.2. 

> Does strongswan support this and how to configure?

No, we don't support these notifies nor this spec.

> do you have any suggestion of how to extend the existing code? I am not
> looking to implement a full scale server policy, but maybe just a
> trigger at a given time to make the server fail the connection setup
> request from a client with these private error types.

I haven't read this standard, so I don't know when these notifies must
be sent. If these checks get performed in IKE_AUTH, you might try to
extend the task at [1].



More information about the Users mailing list