[strongSwan-dev] support for {left,right}allowany in charon?
Martin Willi
martin at strongswan.org
Fri May 25 11:52:32 CEST 2012
> Maybe a new option like retrydns or something could be added, either
> globally in strongswan.conf or even connection specific in ipsec.conf.
I think a global strongswan.conf option would be sufficient.
> Perhaps we could continue (if above option were set) and just hold off
> actually sending the packet while the remote address is %any.
Sounds reasonable. There is one problem, though: We can't generate the
packet yet, as we need the destination address for the NATD payloads.
This would make that approach utter complicated (unless we disable NAT
traversal if the option is set).
It probably would be simpler to have a dedicated retry mechanism
triggered by it's own job.
Regards
Martin
More information about the Dev
mailing list