From de30b6b38588a104dcac7d2eb26f4deb35f41dbc Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 28 Feb 2025 16:40:48 +0100
Subject: [PATCH] charon-nm: Lower default retransmission settings to restore SAs more quickly
These are the same values we use for the Android app.
References strongswan/strongswan#2696
---
 conf/options/charon-nm.opt | 11 +++++++++++
 src/charon-nm/charon-nm.c | 8 ++++++++
 2 files changed, 19 insertions(+)
diff --git a/conf/options/charon-nm.opt b/conf/options/charon-nm.opt
index d9991e6c71..1ee878ccb6 100644
--- a/conf/options/charon-nm.opt
+++ b/conf/options/charon-nm.opt
@@ -24,6 +24,17 @@ charon-nm.port_nat_t = 0
 Defaults to an ephemeral port. May be set to e.g. 4500 if firewall rules require a static port.
+charon-nm.retransmit_base = 1.4
+ Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+ in **strongswan.conf**(5). Default retransmission settings for charon-nm are
+ deliberately lower to fail and possibly reestablish SAs more quickly.
+
+charon-nm.retransmit_timeout = 2.0
+ Timeout in seconds before sending first retransmit.
+
+charon-nm.retransmit_tries = 3
+ Number of times to retransmit a packet before giving up.
+
 charon-nm.routing_table = 210
 Table where routes via XFRM interface are installed. Should be different than the table used for the regular IKE daemon due to the mark.
diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
index 283454a28a..9dbc907888 100644
--- a/src/charon-nm/charon-nm.c
+++ b/src/charon-nm/charon-nm.c
@@ -221,6 +221,14 @@ int main(int argc, char *argv[])
 lib->settings->set_default_str(lib->settings, "charon-nm.check_current_path", "yes");
+ /* fail more quickly so users don't have to wait too long for a new SA */
+ lib->settings->set_default_str(lib->settings,
+ "charon-nm.retransmit_tries", "3");
+ lib->settings->set_default_str(lib->settings,
+ "charon-nm.retransmit_timeout", "2.0");
+ lib->settings->set_default_str(lib->settings,
+ "charon-nm.retransmit_base", "1.4");
+
 DBG1(DBG_DMN, "Starting charon NetworkManager backend (strongSwan "VERSION")");
 if (lib->integrity) {
--
2.47.2
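Review bot: The comment above the three added `set_default_str()` calls gives the motivation but not the cost of the new defaults. If the back-off formula in strongswan.conf(5) is timeout * base^n, then tries 3, timeout 2.0 and base 1.4 make the daemon give up on an unanswered exchange after roughly 14 seconds (2 + 2.8 + 3.9 + 5.5), so a short outage or a burst of packet loss on the path now tears down the SA much sooner than before. I would record that in the comment, e.g. `/* fail more quickly (gives up after ~14s) so users don't have to wait too long for a new SA; short outages drop the SA sooner */`. It is also worth confirming what happens to traffic while the SA is down and being re-established, since presumably that depends on how the NetworkManager connection is configured. main() starts and ends outside the hunk.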