From: Tobias Brunner Date: Tue, 15 Nov 2016 15:28:34 +0000 (+0100) Subject: vici: Make active roaming configurable X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Froam-ignore;p=thirdparty%2Fstrongswan.git vici: Make active roaming configurable --- diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 12497ec5ee..8becdf1dc8 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -295,6 +295,7 @@ typedef struct { bool aggressive; bool encap; bool mobike; + bool roaming; bool send_certreq; bool pull; cert_policy_t send_cert; @@ -397,6 +398,7 @@ static void log_peer_data(peer_data_t *data) DBG2(DBG_CFG, " send_certreq = %u", data->send_certreq); DBG2(DBG_CFG, " send_cert = %N", cert_policy_names, data->send_cert); DBG2(DBG_CFG, " mobike = %u", data->mobike); + DBG2(DBG_CFG, " roaming = %u", data->roaming); DBG2(DBG_CFG, " aggressive = %u", data->aggressive); DBG2(DBG_CFG, " dscp = 0x%.2x", data->dscp); DBG2(DBG_CFG, " encap = %u", data->encap); @@ -1553,6 +1555,7 @@ CALLBACK(peer_kv, bool, { "dscp", parse_dscp, &peer->dscp }, { "encap", parse_bool, &peer->encap }, { "mobike", parse_bool, &peer->mobike }, + { "roaming", parse_bool, &peer->roaming }, { "dpd_delay", parse_time, &peer->dpd_delay }, { "dpd_timeout", parse_time, &peer->dpd_timeout }, { "fragmentation", parse_frag, &peer->fragmentation }, @@ -2195,6 +2198,7 @@ CALLBACK(config_sn, bool, .children = linked_list_create(), .proposals = linked_list_create(), .mobike = TRUE, + .roaming = TRUE, .send_certreq = TRUE, .pull = TRUE, .send_cert = CERT_SEND_IF_ASKED, @@ -2352,6 +2356,7 @@ CALLBACK(config_sn, bool, .jitter_time = peer.rand_time, .over_time = peer.over_time, .no_mobike = !peer.mobike, + .no_roaming = !peer.roaming, .aggressive = peer.aggressive, .push_mode = !peer.pull, .dpd = peer.dpd_delay, diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index cd2d9142dd..33fc8874f0 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -120,6 +120,16 @@ connections..encap = no Usually this is not required, but it can help to work around connectivity issues with too restrictive intermediary firewalls. +connections..roaming = yes + Enable active roaming between IP addresses/interfaces. + + Enable active roaming between IP addresses/interfaces. Disabling this causes + this connection to ignore any local changes in interfaces, IP addresses or + routes and therefore prevents the active switching to different source + addresses. However, if valid packets are received on a different IP address + there might still be a switch. Disabling this implicitly disables MOBIKE on + IKEv2 connections. + connections..mobike = yes Enables MOBIKE on IKEv2 connections.