[strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface
Martin Willi
martin at strongswan.org
Tue Sep 10 09:33:10 CEST 2013
Hi,
> return the private types of PDN_CONNECTION_REJECTION (8192) and
> MAX_CONNECTION_REACHED (8193) according to the 3GPP TS 24.302, section
> 8.1.2.
> Does strongswan support this and how to configure?
No, we don't support these notifies nor this spec.
> do you have any suggestion of how to extend the existing code? I am not
> looking to implement a full scale server policy, but maybe just a
> trigger at a given time to make the server fail the connection setup
> request from a client with these private error types.
I haven't read this standard, so I don't know when these notifies must
be sent. If these checks get performed in IKE_AUTH, you might try to
extend the task at [1].
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/sa/ikev2/tasks/ike_auth.c#l513
More information about the Users
mailing list