[strongSwan] transform policy without SPI?

[Tobias Brunner]

Hi Michael,

>>> In the transform policy we see the connection but without SPIs
>>> in "in" and "fwd" direction. An SPI does only exist for the "out"
>>> direction. How is that possible?
>>
>> That's normal and always the case.
> 
> Under what circumstance is that normal? After the termination of the
> child connection?

No, for any established CHILD_SA.  strongSwan only sets the SPI on 
outbound policies, never on the others.

Regards,
Tobias