[strongSwan-dev] support for {left,right}allowany in charon?
Mirko Parthey
mirko.parthey at informatik.tu-chemnitz.de
Thu May 10 01:41:06 CEST 2012
On Wed, May 09, 2012 at 06:02:23PM +0200, Tobias Brunner wrote:
> > It looks like charon does not use the updated IP address for path checking,
> > nor does it resolve the peer's name again, which would also have provided the
> > updated address.
>
> Please try the attached patch (should apply to 4.6.3) which uses the
> source address of the current message instead of the cached address on
> the IKE_SA.
With your patch applied, I can now change the external IP addresses of
both gateways - the tunnel remains available as long as the current
IKE SA is kept.
Thanks,
Mirko
More information about the Dev
mailing list