[strongSwan-dev] Any route change triggers unexpected IKE-SA reauth if left is not on output interface
Christophe Gouault
christophe.gouault at 6wind.com
Fri Jan 27 17:49:27 CET 2017
Hi Tobias,
Do you intend to merge the roam-ignore branch?
As far as I am concerned, I would be very interested in these patches.
Regards,
Christophe
2016-11-15 17:52 GMT+01:00 Christophe Gouault <christophe.gouault at 6wind.com>:
> Hi Tobias,
>
> I tested the first part (disable roaming if mobike is disabled and
> left is one of my addresses). It fixes the problems I observed.
>
> I have not tested the explicit "roaming" option yet, because my
> configuration uses ipsec.conf, not swanctl.conf.
>
> Again, thanks.
> Christophe
>
>
>
> 2016-11-15 16:52 GMT+01:00 Christophe Gouault <christophe.gouault at 6wind.com>:
>> Hi Tobias,
>>
>> Thank you very much.
>> I'll do a few tests with this branch.
>>
>> Regards,
>> Christophe
>>
>> 2016-11-15 16:37 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:
>>> Hi Christophe,
>>>
>>>> If the left address is specified and mobike is disabled for a
>>>> connection, this reauth will anyway not entail a change of the source
>>>> address. Would it makes sense to add an exception for such case?
>>>
>>> I guess we could. I've pushed a commit to the roam-ignore branch. Not
>>> sure if this has any unwanted side-effects.
>>>
>>>> I don't use mobike for this connection, but I may enable it on other
>>>> connections. I guess we cannot ignore routing events on a
>>>> per-connection basis, can we?
>>>
>>> Currently not. But I suppose a connection specific option to disable
>>> handling roam events could be added. I've pushed a prototype to the
>>> aforementioned branch.
>>>
>>> Regards,
>>> Tobias
More information about the Dev
mailing list