[strongSwan] Sending INIT_CONTACT during "ipsec up .... "
Marko Burazin
morkitz at gmail.com
Mon Nov 14 11:34:30 CET 2016
Hi,
I have sent this earlier, but haven't received a reply. Anyone got an idea
on why this behaviour is seen... Or should I raise a bug report ?
"As I understood from the docs, if one uses "uniqueids=keep" in the "config
setup" section of the ipsec.conf file, strongswan should send the
INIT_CONTACT message with the first IKE_AUTH request sent to the peer.
But, I also see that if I use "rightid=%any" in the same ipsec.conf file in
the "conn" section, this INIT_CONTACT is NOT being sent with IKE_AUTH
request. It's only if I use a more specific selector in the rightid
parameter that INIT_CONTACT is being sent with IKE_AUTH request when
bringing the connection up.
What is the reason for this ? Is it the expected behaviour ?"
Thanks again.
Regards,
Marko.
On Wed, Nov 9, 2016 at 4:04 PM Marko Burazin <morkitz at gmail.com> wrote:
> Hi,
>
> As I understood from the docs, if one uses "uniqueids=keep" in the "config
> setup" section of the ipsec.conf file, strongswan should send the
> INIT_CONTACT message with the first IKE_AUTH request sent to the peer.
>
> But, I also see that if I use "rightid=%any" in the same ipsec.conf file
> in the "conn" section, this INIT_CONTACT is NOT being sent with IKE_AUTH
> request. It's only if I use a more specific selector in the rightid
> parameter that INIT_CONTACT is being sent with IKE_AUTH request when
> bringing the connection up.
>
> What is the reason for this ? Is it the expected behaviour ?
>
> Thanks in advance.
>
> Regards,
> Marko.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161114/76fe7a5b/attachment.html>
More information about the Users
mailing list