From 6524bd3cd5810874f1b9a799c9671ba05e3c909a Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Thu, 19 Mar 2020 16:04:01 +0100
Subject: [PATCH] ike: Optionally use DPD to check if the current path still works

We could maybe check the duration of the last stale condition or when the last packet was sent as filter to avoid unnecessary updates.
---
 conf/options/charon.opt | 11 +++++++++++
 src/libcharon/sa/ike_sa.c | 8 ++++++++
 2 files changed, 19 insertions(+)

diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index b6e55e1125..52983ee63d 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -40,6 +40,17 @@ charon.cache_crls = no
 	Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or
 	**/etc/swanctl/x509crl** (vici), respectively.
 
+charon.check_current_path = no
+	Whether to use DPD to check if the current path still works after any
+	changes to interfaces/addresses.
+
+	By default, after detecting any changes to interfaces and/or addresses no
+	action is taken if the current path to the remote peer still looks usable.
+	Enabling this option will use DPD to check if the path actually still works,
+	or, for instance, the peer removed the state after a longer phase without
+	connectivity. It will also trigger a MOBIKE update if NAT mappings were
+	removed during the downtime.
+
 charon.cisco_unity = no
 	Send Cisco Unity vendor ID payload (IKEv1 only).
 
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 5e54208ec0..e482d55eed 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2708,6 +2708,14 @@ METHOD(ike_sa_t, roam, status_t,
 		this->task_manager->queue_mobike(this->task_manager, FALSE, TRUE);
 		return this->task_manager->initiate(this->task_manager);
 	}
+	if (lib->settings->get_bool(lib->settings,
+								"%s.check_current_path", FALSE, lib->ns) &&
+		!this->task_manager->busy(this->task_manager))
+	{
+		DBG1(DBG_IKE, "checking if current path still works using DPD");
+		this->task_manager->queue_dpd(this->task_manager);
+		return this->task_manager->initiate(this->task_manager);
+	}
 	return SUCCESS;
 }
 
-- 
2.39.2
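Review bot: When `busy()` is true the new block falls through to `return SUCCESS;` without any trace, so an operator who enabled `check_current_path` cannot tell from the log why no DPD followed an address change; an `else` branch with `DBG1(DBG_IKE, "not checking current path, task manager busy");` (or a DBG2 if that is too noisy) would make the skipped check visible. The commit message itself notes that nothing filters these checks: with the option enabled, every roam event that reaches this point initiates a DPD exchange, so on hosts with frequent interface/address churn this adds one IKE exchange per event, and a minimum interval since the last DPD or last received packet is worth adding before the option is relied upon in production. It is also worth a short comment above the `if` recording that this check is a deliberate liveness probe rather than a MOBIKE update, e.g. `/* optionally verify the still-valid-looking path with DPD (the peer may have dropped state while we were offline) */`, since the surrounding branches are about address updates. The `roam` method starts and its earlier branches lie outside this hunk.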