[strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface
zmao at qti.qualcomm.com
Tue Sep 10 18:19:33 CEST 2013
From: Martin Willi [mailto:martin at strongswan.org]
Sent: Tuesday, September 10, 2013 12:33 AM
To: Mao, Zhiheng
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface
> return the private types of PDN_CONNECTION_REJECTION (8192) and
> MAX_CONNECTION_REACHED (8193) according to the 3GPP TS 24.302, section
> Does strongswan support this and how to configure?
No, we don't support these notifies nor this spec.
> do you have any suggestion of how to extend the existing code? I am
> not looking to implement a full scale server policy, but maybe just a
> trigger at a given time to make the server fail the connection setup
> request from a client with these private error types.
I haven't read this standard, so I don't know when these notifies must be sent. If these checks get performed in IKE_AUTH, you might try to extend the task at .
More information about the Users