[Swan-dev] Q: mobike on kernel without mobike: load or not load the connection
Paul Wouters
paul at nohats.ca
Tue Jun 11 22:35:26 UTC 2019
See https://github.com/libreswan/libreswan/issues/221
Currently:
- if local connection has mobike=yes but kernel support disabled -> fail
to load the connection. IPsec tunnel fails
- if local connection has mobike=yes but IKE negotiation resulted in
peer not supporting mobike -> succeeds connection but without mobike
The question is whether in the first case, we shouldn't really just
setup the connection but without mobike, perhaps log a big warning?
What do people prefer? Close 221 without changes and keep current
situation, or change code to allow loading the connection and bringing
it up without mobike ?
Paul
More information about the Swan-dev
mailing list