[Swan-commit] Changes to ref refs/heads/main
Paul Wouters
paul at vault.libreswan.fi
Wed Nov 25 18:26:10 UTC 2020
New commits:

commit a43c1a86ba13111587b6910bf3dc6ee9a4a25d61
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 25 13:21:28 2020 -0500

pluto: add auto=keep option and revival for instances (via co_serialno)

Problem scenario: a peer behind NAT initiates to libreswan and brings up
a tunnel. Once idle, the tunnel is torn down, but libreswan wants the
tunnel to always be up. It cannot do a regular initiate of the connection
because the peer is behind NAT so IKE traffic to port 500/4500 will fail.

auto=keep will add POLICY_UP to the auto=add, so once the instance comes up
and receives a delete, it will update its ike port to the last known port
in use, and immediately re-initiate back before the NAT router closes the
NAT mapping and the machine behind NAT becomes unreachable.

If keyingtries=0, set it to 2 so in case the machine behind NAT is gone,
the revival process ends and the instance connection is deleted.

commit d97f39ec673c1e4fc77ed2bcf30a79cca815137b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 25 12:53:57 2020 -0500

testing: added ikev2-revive-through-nat-02-cleanfail

Test for a reviving instance with no hope to actually die

commit 480bc921b6b4e84e9838a1e6df5850dcfd3ef6db
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Nov 24 23:42:46 2020 -0500

testing: add ikev2-revive-through-nat

commit 680ecc5b47019811656b5b3c23c4909e645d0840
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Nov 25 11:48:09 2020 -0500

pluto: rename conn_by_name()'s strict argument into no_inst

'strict' is really an awful name.