[strongSwan] Transport mode - specific ports only
James Masson
james.masson at jmips.co.uk
Wed Mar 6 10:57:40 CET 2019
Hi list,

I've got a working configuration for a collection of servers using
transport mode to encrypt only a subset of ports, using strongswan 5.7.2-1.

However, it seems suboptimal, because the servers are generating and
deleting new SAs every few seconds - I presume for every client port <>
server port pair? The traffic on these ports is UDP, so there would be
massive overhead in doing this.

Logs/config/SAs -
https://gist.github.com/james-masson/347bcdab80c93c83dfc68f111a5cb472

Can anybody point out a flaw in or improvements to my config?

To be clear, I'm after a config that does crypto negotiation once per IP
pair, but only encrypts traffic to/from a particular set of ports.

thanks

James M