[Swan] multiple child SA
Paul Wouters
paul at nohats.ca
Fri Sep 4 12:54:00 UTC 2020
On Fri, 4 Sep 2020, Mehboob Ansari wrote:
> Please provide information on how to use below parameters in Ipsec.
>
> 1. extended sequence number (esn )
Add esn=yes. probably also tweak replay-window= to 256 or 1024 ?
https://github.com/libreswan/libreswan/tree/main/testing/pluto/ikev2-algo-esn-01
> 2. IPsecRekeylifetimeTime.
Add salifetime=
> 3. PLMNID in IKESA Table, how to validate it.
Can you point to an RFC on this? I have no idea how PLMNID would be
communicated at the IKE or IPsec level.
Paul
More information about the Swan
mailing list