libcharon: Enable make_before_break option by default

diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index f18417fb872d5e681ef2402a492610c8bae9f806..d3ddf061502b8626da361479c0fa40027c08bb53 100644 (file)
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -283,7 +283,7 @@ charon.max_ikev1_exchanges = 3
 charon.max_packet = 10000
        Maximum packet size accepted by charon.
 
-charon.make_before_break = no
+charon.make_before_break = yes
        Initiate IKEv2 reauthentication with a make-before-break scheme.
 
        Initiate IKEv2 reauthentication with a make-before-break instead of a

diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 883900efe61de6a843f2d477360a3abdb457f37c..be41f84e091e3a1adf15bdd5d0ea4e2f64ca022c 100644 (file)
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1,7 +1,8 @@
 /*
  * Copyright (C) 2007-2019 Tobias Brunner
  * Copyright (C) 2007-2010 Martin Willi
- *
+ * Copyright (C) 2023 Andreas Steffen, strongSec GmbH
+
  * Copyright (C) secunet Security Networks AG
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -2662,7 +2663,7 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa)
                .retransmit_limit = lib->settings->get_int(lib->settings,
                                        "%s.retransmit_limit", 0, lib->ns) * 1000,
                .make_before_break = lib->settings->get_bool(lib->settings,
-                                       "%s.make_before_break", FALSE, lib->ns),
+                                       "%s.make_before_break", TRUE, lib->ns),
        );
 
        if (this->retransmit_base > 1)