[strongSwan] transform policy without SPI?
Michael Schwartzkopff
ms at sys4.de
Tue Aug 16 13:29:57 CEST 2022
On 16.08.22 13:24, Tobias Brunner wrote:
> Hi Michael,
>
>> In the transform policy we see the connection but without SPIs
>> in "in" and "fwd" direction. An SPI does only exist for the "out"
>> direction. How is that possible?
>
> That's normal and always the case.
Under what circumstance is that normal? After the termination of the
child connection?
We also have the problem, that the SPIs are still empty AFTER a
renegotiation of the child. So
swanctl -i --child myconnection
the log shows that new child SPIs are negotiated but only the "out" SPI
is updated in the kernel policy. The "in" and the "fwd" policies are
still without SPIs if I show the xfrm policy.
See my other post as of Tue Aug 9 15:59:14 CEST 2022 to this list.
Mit freundlichen Grüßen,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the Users
mailing list