[strongSwan-dev] Any route change triggers unexpected IKE-SA reauth if left is not on output interface

Christophe Gouault christophe.gouault at 6wind.com
Tue Nov 15 17:52:49 CET 2016

Hi Tobias,

I tested the first part (disable roaming if mobike is disabled and
left is one of my addresses). It fixes the problems I observed.

I have not tested the explicit "roaming" option yet, because my
configuration uses ipsec.conf, not swanctl.conf.

Again, thanks.

2016-11-15 16:52 GMT+01:00 Christophe Gouault <christophe.gouault at 6wind.com>:
> Hi Tobias,
> Thank you very much.
> I'll do a few tests with this branch.
> Regards,
> Christophe
> 2016-11-15 16:37 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:
>> Hi Christophe,
>>> If the left address is specified and mobike is disabled for  a
>>> connection, this reauth will anyway not entail a change of the source
>>> address. Would it makes sense to add an exception for such case?
>> I guess we could.  I've pushed a commit to the roam-ignore branch.  Not
>> sure if this has any unwanted side-effects.
>>> I don't use mobike for this connection, but I may enable it on other
>>> connections. I guess we cannot ignore routing events on a
>>> per-connection basis, can we?
>> Currently not.  But I suppose a connection specific option to disable
>> handling roam events could be added.  I've pushed a prototype to the
>> aforementioned branch.
>> Regards,
>> Tobias

More information about the Dev mailing list