[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-announce
Subject: Re: [strongSwan-dev] support for {left,right}allowany in charon?
From: Tobias Brunner <tobias () strongswan ! org>
Date: 2012-05-30 13:45:09
Message-ID: 4FC62465.5050708 () strongswan ! org
[Download RAW message or body]
Hi Mirko,
> it turns out this doesn't work well yet when the DNS server is
> unreachable during connection startup.
> ...
> No further retries are done, net-net stays down.
> ...
> Would it be an option to proceed in spite of the missing peer IP
> address, and do the name resolution later, so it can be retried?
I pushed three patches which enable charon to retry initiating an IKE_SA
if it initially failed due to a failed address lookup ([1]-[3], won't
apply cleanly to 4.6.3). This feature is disabled by default, but can
be enabled by setting charon.retry_initiate_interval to the time after
which charon should retry initiating the IKE_SA.
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=eac9d770
[2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=60c82591
[3] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=77e42826
_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic