On Thu, Aug 27, 2009 at 5:43 PM, Tero Kivinen <kivi...@iki.fi> wrote: > > Bhaskar Dutta writes: > > Does any IPSec implementation support RFC 3554 (On the Use of Stream Control > > Transmission Protocol (SCTP) with IPsec)? > > Yes. Altough I do not know if it has been really tested (mostly just > using sctp_test and single pair of ip-addresses). > > > I am working on SCTP over IPSec (linux 2.6.27) and in case of multihoming > > unless > > RFC 3554 is supported I will need to configure 2 * n * m Security > > Associations. > > With IKEv2 you should just create one SA having multiple source and > destination addresses. Then if more addresses are later added you need > to create new SA with all of the addresses (or just new addresses). > -- > kivi...@iki.fi
Thanks a lot! I looked up for examples on setting up sainfo entries in racoon's remote.conf with multiple source/destination addresses but the man pages or searching the web did not lead to anything. Couldnt even find any examples with multiple entries in sainfo. Do you have any idea on how to write the sainfo entries in remote.conf and spdadd entries in setkey.conf that will work with multiple source/dest addresses? I did write to the ipsec-tools-users list but no luck yet. Thanks, Bhaskar _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
