[Swan-dev] Q: mobike on kernel without mobike: load or not load the connection

Paul Wouters paul at nohats.ca
Tue Jun 11 22:35:26 UTC 2019

See https://github.com/libreswan/libreswan/issues/221


- if local connection has mobike=yes but kernel support disabled -> fail
   to load the connection. IPsec tunnel fails
- if local connection has mobike=yes but IKE negotiation resulted in
   peer not supporting mobike -> succeeds connection but without mobike

The question is whether in the first case, we shouldn't really just
setup the connection but without mobike, perhaps log a big warning?

What do people prefer? Close 221 without changes and keep current
situation, or change code to allow loading the connection and bringing
it up without mobike ?


More information about the Swan-dev mailing list