
List:       strongswan-users
Subject:    Re: [strongSwan] Query regardig multiple SA for the same "traffic selectors"
From:       Martin Willi <martin () strongswan ! org>
Date:       2013-03-22 9:23:39
Message-ID: 1363944219.5240.4.camel () martin

Hi,

> Following is the excerpt from RFC 4301 (section 4.1), which suggests
> supporting multiple SAs between a given sender & receiver with the same
> "traffic selectors". How do I configure such connections (policies) in the
> ipsec.conf file?

The Linux Netkey IPsec stack does not allow identical IPsec policies to
be installed. You can, however, associate unique XFRM marks with each
connection, making the policies non-identical.

An example of how this is used with iptables to assign per-connection DSCP
rules can be found at [1].

Regards
Martin

[1] http://www.strongswan.org/uml/testresults/ikev2/net2net-psk-dscp/index.html


_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
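
A sketch of the approach described in the reply above, added here as an example; it is not part of the original message and is not copied from the linked test scenario. Connection names, addresses, interface names and mark values are assumptions; `mark` is the ipsec.conf option that attaches an XFRM mark to a connection.

```conf
# /etc/ipsec.conf (constructed example; all names and values are assumptions)
conn net-net
	left=192.0.2.1
	leftsubnet=10.1.0.0/16
	right=192.0.2.2
	rightsubnet=10.2.0.0/16
	authby=secret
	keyexchange=ikev2

# Two connections with the same traffic selectors. The differing XFRM
# mark is what makes the kernel policies non-identical.
conn dscp-be
	also=net-net
	mark=10
	auto=add

conn dscp-ef
	also=net-net
	mark=20
	auto=add

# Matching packet-marking rules, shown in iptables-restore format as
# comments because they belong in a separate rules file.
#
# *mangle
# Plaintext arriving from the local subnet (eth1 assumed): the DSCP
# class selects the mark, and the mark selects the policy and SA.
# -A PREROUTING -i eth1 -m dscp --dscp-class BE -j MARK --set-mark 10
# -A PREROUTING -i eth1 -m dscp --dscp-class EF -j MARK --set-mark 20
#
# Inbound ESP (eth0 assumed) has to carry the same mark, because the
# SA lookup also compares the packet mark. This assumes the peer
# copies the inner DSCP value to the outer header.
# -A PREROUTING -i eth0 -p esp -m dscp --dscp-class BE -j MARK --set-mark 10
# -A PREROUTING -i eth0 -p esp -m dscp --dscp-class EF -j MARK --set-mark 20
# COMMIT
```

With no mask given, the mark is compared in full, so traffic that matches neither rule keeps mark 0 and matches neither policy. `ip xfrm policy` shows the mark on each installed policy, which is a quick check that both connections are loaded side by side.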