]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7ae344a)
vici: Make active roaming configurable roam-ignore
authorTobias Brunner <tobias@strongswan.org>
Tue, 15 Nov 2016 15:28:34 +0000 (16:28 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 17 Feb 2017 10:33:34 +0000 (11:33 +0100)
src/libcharon/plugins/vici/vici_config.c patch | blob | blame | history
src/swanctl/swanctl.opt patch | blob | blame | history

diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 12497ec5eefa9550abf65fce791d3201c3b28ae1..8becdf1dc84a994a941398adbf1b5a005eecbef6 100644 (file)
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -295,6 +295,7 @@ typedef struct {
        bool aggressive;
        bool encap;
        bool mobike;
+       bool roaming;
        bool send_certreq;
        bool pull;
        cert_policy_t send_cert;
@@ -397,6 +398,7 @@ static void log_peer_data(peer_data_t *data)
        DBG2(DBG_CFG, "  send_certreq = %u", data->send_certreq);
        DBG2(DBG_CFG, "  send_cert = %N", cert_policy_names, data->send_cert);
        DBG2(DBG_CFG, "  mobike = %u", data->mobike);
+       DBG2(DBG_CFG, "  roaming = %u", data->roaming);
        DBG2(DBG_CFG, "  aggressive = %u", data->aggressive);
        DBG2(DBG_CFG, "  dscp = 0x%.2x", data->dscp);
        DBG2(DBG_CFG, "  encap = %u", data->encap);
@@ -1553,6 +1555,7 @@ CALLBACK(peer_kv, bool,
                { "dscp",                       parse_dscp,                     &peer->dscp                                     },
                { "encap",                      parse_bool,                     &peer->encap                            },
                { "mobike",                     parse_bool,                     &peer->mobike                           },
+               { "roaming",            parse_bool,                     &peer->roaming                          },
                { "dpd_delay",          parse_time,                     &peer->dpd_delay                        },
                { "dpd_timeout",        parse_time,                     &peer->dpd_timeout                      },
                { "fragmentation",      parse_frag,                     &peer->fragmentation            },
@@ -2195,6 +2198,7 @@ CALLBACK(config_sn, bool,
                .children = linked_list_create(),
                .proposals = linked_list_create(),
                .mobike = TRUE,
+               .roaming = TRUE,
                .send_certreq = TRUE,
                .pull = TRUE,
                .send_cert = CERT_SEND_IF_ASKED,
@@ -2352,6 +2356,7 @@ CALLBACK(config_sn, bool,
                .jitter_time = peer.rand_time,
                .over_time = peer.over_time,
                .no_mobike = !peer.mobike,
+               .no_roaming = !peer.roaming,
                .aggressive = peer.aggressive,
                .push_mode = !peer.pull,
                .dpd = peer.dpd_delay,
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index cd2d9142ddb84af5f01a4675ea6501c368b52a59..33fc8874f0cb69784b1002e4f2e83c349cf6d2c1 100644 (file)
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -120,6 +120,16 @@ connections.<conn>.encap = no
        Usually this is not required, but it can help to work around connectivity
        issues with too restrictive intermediary firewalls.
 
+connections.<conn>.roaming = yes
+       Enable active roaming between IP addresses/interfaces.
+
+       Enable active roaming between IP addresses/interfaces. Disabling this causes
+       this connection to ignore any local changes in interfaces, IP addresses or
+       routes and therefore prevents the active switching to different source
+       addresses. However, if valid packets are received on a different IP address
+       there might still be a switch. Disabling this implicitly disables MOBIKE on
+       IKEv2 connections.
+
 connections.<conn>.mobike = yes
        Enables MOBIKE on IKEv2 connections.
 
Unnamed repository; edit this file 'description' to name the repository.