charon.ignore_routing_tables
A space-separated list of routing tables to be excluded from route lookups.
+charon.ignore_acquire_ts = no
+ Whether to ignore the traffic selectors from the kernel's acquire events for
+ IKEv2 connections (they are not used for IKEv1).
+
+ If this is disabled the traffic selectors from the kernel's acquire events,
+ which are derived from the triggering packet, are prepended to the traffic
+ selectors from the configuration for IKEv2 connection. By enabling this,
+ such specific traffic selectors will be ignored and only the ones in the
+ config will be sent. This always happens for IKEv1 connections as the
+ protocol only supports one set of traffic selectors per CHILD_SA.
+
charon.ikesa_limit = 0
Maximum number of IKE_SAs that can be established at the same time before
new connection attempts are blocked.
* listener to track acquiring IKE_SAs
*/
trap_listener_t listener;
+
+ /**
+ * Whether to ignore traffic selectors from acquires
+ */
+ bool ignore_acquire_ts;
};
/**
{
ike_sa->set_peer_cfg(ike_sa, peer);
}
- if (ike_sa->get_version(ike_sa) == IKEV1)
+ if (this->ignore_acquire_ts || ike_sa->get_version(ike_sa) == IKEV1)
{ /* in IKEv1, don't prepend the acquiring packet TS, as we only
* have a single TS that we can establish in a Quick Mode. */
src = dst = NULL;
},
.traps = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ .ignore_acquire_ts = lib->settings->get_bool(lib->settings,
+ "%s.ignore_acquire_ts", FALSE, lib->ns),
);
charon->bus->add_listener(charon->bus, &this->listener.listener);
projects / strongswan.git / commitdiff