[strongSwan-dev] support for {left,right}allowany in charon?
Tobias Brunner
tobias at strongswan.org
Wed May 30 15:45:09 CEST 2012
Hi Mirko,
> it turns out this doesn't work well yet when the DNS server is
> unreachable during connection startup.
> ...
> No further retries are done, net-net stays down.
> ...
> Would it be an option to proceed in spite of the missing peer IP
> address, and do the name resolution later, so it can be retried?
I pushed three patches which enable charon to retry initiating an IKE_SA
if it initially failed due to a failed address lookup ([1]-[3], won't
apply cleanly to 4.6.3). This feature is disabled by default, but can
be enabled by setting charon.retry_initiate_interval to the time after
which charon should retry initiating the IKE_SA.
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=eac9d770
[2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=60c82591
[3] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=77e42826
More information about the Dev
mailing list