[strongSwan-dev] Any route change triggers unexpected IKE-SA reauth if left is not on output interface

Christophe Gouault christophe.gouault at 6wind.com
Fri Jan 27 17:49:27 CET 2017

Hi Tobias,

Do you intend to merge the roam-ignore branch?

As far as I am concerned, I would be very interested in these patches.


2016-11-15 17:52 GMT+01:00 Christophe Gouault <christophe.gouault at 6wind.com>:
> Hi Tobias,
> I tested the first part (disable roaming if mobike is disabled and
> left is one of my addresses). It fixes the problems I observed.
> I have not tested the explicit "roaming" option yet, because my
> configuration uses ipsec.conf, not swanctl.conf.
> Again, thanks.
> Christophe
> 2016-11-15 16:52 GMT+01:00 Christophe Gouault <christophe.gouault at 6wind.com>:
>> Hi Tobias,
>> Thank you very much.
>> I'll do a few tests with this branch.
>> Regards,
>> Christophe
>> 2016-11-15 16:37 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:
>>> Hi Christophe,
>>>> If the left address is specified and mobike is disabled for  a
>>>> connection, this reauth will anyway not entail a change of the source
>>>> address. Would it makes sense to add an exception for such case?
>>> I guess we could.  I've pushed a commit to the roam-ignore branch.  Not
>>> sure if this has any unwanted side-effects.
>>>> I don't use mobike for this connection, but I may enable it on other
>>>> connections. I guess we cannot ignore routing events on a
>>>> per-connection basis, can we?
>>> Currently not.  But I suppose a connection specific option to disable
>>> handling roam events could be added.  I've pushed a prototype to the
>>> aforementioned branch.
>>> Regards,
>>> Tobias

More information about the Dev mailing list