[strongSwan] vici initiator only or responder per connection
Naveen Neelakanta
naveen.b.neelakanta at gmail.com
Tue Apr 7 20:46:46 CEST 2020
Hi Tobias,
Thank you for taking the time to reply to my request, How can I get the
same behavior for Per connection via vici.
I believe dropping the connection when global initiator_only is marked as
yes is done in Charon code and not via iptables .
Please guide me on the per-connection option if it's configurable.
Thanks,
Naveen
On Tue, Apr 7, 2020 at 1:05 AM Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Naveen,
>
> > I see that we have a global " *initiator_only = yes/no* " configuration
> > in charon.conf, is it possible to configure this for per connection via
> > vici, so that the initiator is only responsible for initiating the
> > connection.
>
> That option is global because it causes any initial IKE message to get
> dropped very early. But if you don't configure a single remote IP
> address, a connection can't be used for initiation.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200407/543de217/attachment-0001.html>
More information about the Users
mailing list