[strongSwan-dev] Any route change triggers unexpected IKE-SA reauth if left is not on output interface
Christophe Gouault
christophe.gouault at 6wind.com
Tue Nov 15 17:52:49 CET 2016
Hi Tobias,
I tested the first part (disable roaming if mobike is disabled and
left is one of my addresses). It fixes the problems I observed.
I have not tested the explicit "roaming" option yet, because my
configuration uses ipsec.conf, not swanctl.conf.
Again, thanks.
Christophe
2016-11-15 16:52 GMT+01:00 Christophe Gouault <christophe.gouault at 6wind.com>:
> Hi Tobias,
>
> Thank you very much.
> I'll do a few tests with this branch.
>
> Regards,
> Christophe
>
> 2016-11-15 16:37 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:
>> Hi Christophe,
>>
>>> If the left address is specified and mobike is disabled for a
>>> connection, this reauth will anyway not entail a change of the source
>>> address. Would it makes sense to add an exception for such case?
>>
>> I guess we could. I've pushed a commit to the roam-ignore branch. Not
>> sure if this has any unwanted side-effects.
>>
>>> I don't use mobike for this connection, but I may enable it on other
>>> connections. I guess we cannot ignore routing events on a
>>> per-connection basis, can we?
>>
>> Currently not. But I suppose a connection specific option to disable
>> handling roam events could be added. I've pushed a prototype to the
>> aforementioned branch.
>>
>> Regards,
>> Tobias
More information about the Dev
mailing list