From: Tobias Brunner Date: Fri, 28 Feb 2025 15:40:48 +0000 (+0100) Subject: charon-nm: Lower default retransmission settings to restore SAs more quickly X-Git-Tag: 6.0.1rc1~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de30b6b38588a104dcac7d2eb26f4deb35f41dbc;p=thirdparty%2Fstrongswan.git charon-nm: Lower default retransmission settings to restore SAs more quickly These are the same values we use for the Android app. References strongswan/strongswan#2696 --- diff --git a/conf/options/charon-nm.opt b/conf/options/charon-nm.opt index d9991e6c71..1ee878ccb6 100644 --- a/conf/options/charon-nm.opt +++ b/conf/options/charon-nm.opt @@ -24,6 +24,17 @@ charon-nm.port_nat_t = 0 Defaults to an ephemeral port. May be set to e.g. 4500 if firewall rules require a static port. +charon-nm.retransmit_base = 1.4 + Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION + in **strongswan.conf**(5). Default retransmission settings for charon-nm are + deliberately lower to fail and possibly reestablish SAs more quickly. + +charon-nm.retransmit_timeout = 2.0 + Timeout in seconds before sending first retransmit. + +charon-nm.retransmit_tries = 3 + Number of times to retransmit a packet before giving up. + charon-nm.routing_table = 210 Table where routes via XFRM interface are installed. Should be different than the table used for the regular IKE daemon due to the mark. diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c index 283454a28a..9dbc907888 100644 --- a/src/charon-nm/charon-nm.c +++ b/src/charon-nm/charon-nm.c 
@@ -221,6 +221,14 @@ int main(int argc, char *argv[]) lib->settings->set_default_str(lib->settings, "charon-nm.check_current_path", "yes"); + /* fail more quickly so users don't have to wait too long for a new SA */ + lib->settings->set_default_str(lib->settings, + "charon-nm.retransmit_tries", "3"); + lib->settings->set_default_str(lib->settings, + "charon-nm.retransmit_timeout", "2.0"); + lib->settings->set_default_str(lib->settings, + "charon-nm.retransmit_base", "1.4"); + DBG1(DBG_DMN, "Starting charon NetworkManager backend (strongSwan "VERSION")"); if (lib->integrity) {
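Review bot: In conf/options/charon-nm.opt, the rationale "Default retransmission settings for charon-nm are deliberately lower to fail and possibly reestablish SAs more quickly" is attached only to the charon-nm.retransmit_base entry, although it applies equally to charon-nm.retransmit_timeout = 2.0 and charon-nm.retransmit_tries = 3. Those two entries carry neither the rationale nor the pointer to IKEv2 RETRANSMISSION in strongswan.conf(5). Consider repeating the reference in both, and stating what the values are lower than and how long the daemon waits in total before giving up with these defaults. Users on lossy links would then know which option to raise if SAs are torn down too eagerly.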
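Review bot: In src/charon-nm/charon-nm.c, the literals "3", "2.0" and "1.4" passed to set_default_str() duplicate the defaults documented in conf/options/charon-nm.opt, and the new comment does not say where they come from. The commit message states that they match the Android app. Extending the comment above the three calls to say so, and to mention the .opt file, would help keep the copies in sync when one of them changes.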