[Openswan Users] Port floating and DPD
Michael Smith
msmith at cbnco.com
Thu May 27 11:56:59 EDT 2010
Paul Wouters wrote:
> On Thu, 27 May 2010, sertys at estates.bg wrote:
>
>> If the SA has been mapped to
>> gprs-gate.operator.com:1234, i now receive packets from
>> gprs-gate.operator.com:5678. Is there a way to configure strongswan to
>> recognize these DPDs and re-map the SA or re-negotiate it.
> From a protocol point of view, the IPsec SA should die and a new one should
> be started, perhaps assisted with DPD that will kill the old SA.
I saw code in the kernel (NETKEY) to detect a new mapping in a data
packet and send a netlink message (XFRMNLGRP_MAPPING). I didn't find
that constant in the openswan source anywhere, but I might be looking
for the wrong thing.
Mike
More information about the Users
mailing list