[strongSwan] Tunnel and Transport mode mismatch
Tobias Brunner
tobias at strongswan.org
Mon Jul 20 17:06:54 CEST 2020
Hi Makarand,
> When one side is set to transport and the other set to Tunnel, the child SA is built in Tunnel mode.
>
> Question: Is this the expected behaviour?
Yes, see RFC 7296, section 1.3.1:
The USE_TRANSPORT_MODE notification MAY be included in a request
message that also includes an SA payload requesting a Child SA. It
requests that the Child SA use transport mode rather than tunnel mode
for the SA created. If the request is accepted, the response MUST
also include a notification of type USE_TRANSPORT_MODE. If the
responder declines the request, the Child SA will be established in
tunnel mode.
Regards,
Tobias
More information about the Users
mailing list