I'm a little confused by failureshunt=drop. It does seem to work fine when a connection that has been established goes bad. But it seems to not prevent any leaking when a connection has not been started yet, or when the initial load+start is failing.

My test: load mismatching connections on west and east, then run --up on west. Let it release whack, and run a ping. The swan12 device shows unencrypted pings and ip xfrm pol shows no drop shunt. ipsec status shows failureDROP. Adding negotiationshunt=drop makes no difference. I suspect this is only used for OE?

This is causing a leak.

Should we install a non-bare failureshunt when a (non-template) connection is added using auto=add?
Should we install a non-bare negotiationshunt when a (non-template) connection is added using auto=add?
If the answer is no, repeat the question for auto=route? (which would also apply to auto=start)

Note I only tested this for a net-to-net tunnel. There is an additional complication for tunnels that have XXXsubnet=0.0.0.0/0

Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
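A scripted version of the "ip xfrm pol shows no drop shunt" check from the test above, added here as an example; it is not part of the original post and not libreswan's own code. It parses `ip xfrm policy` output and reports whether a block (drop) policy is installed for a given direction and subnet pair, so a leak like the one described can be detected before sending a ping. The policy listing and the subnets are constructed for the example, not captured from a host; the parser assumes iproute2's print format, where each policy starts with a `src X dst Y` header followed by tab-indented lines, and where `action block` appears on the `dir` line only for block policies (allow policies print no action at all).

```shell
#!/bin/sh
# Added example: check whether a drop (block) shunt is present in the kernel
# policy database for a given direction and subnet pair.
#
# Assumptions (not from the original post): iproute2 prints one "src X dst Y"
# header per policy followed by indented lines, and the "dir ..." line carries
# "action block" only for block policies (allow policies omit the field).

# Constructed sample of `ip xfrm policy` output, not captured from a real host.
# Policies 1-3: a drop shunt for 192.1.2.0/24 <-> 192.1.3.0/24 in all three
# directions. Policy 4: an ordinary IPsec (allow) policy for another pair,
# which must NOT count as a drop shunt.
SAMPLE_XFRM_POLICY='src 192.1.2.0/24 dst 192.1.3.0/24
	dir out action block priority 1042407 ptype main
src 192.1.3.0/24 dst 192.1.2.0/24
	dir fwd action block priority 1042407 ptype main
src 192.1.3.0/24 dst 192.1.2.0/24
	dir in action block priority 1042407 ptype main
src 192.0.2.0/24 dst 192.0.3.0/24
	dir out priority 1042407 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid 16389 mode tunnel
'

# has_drop_shunt DIR SRC DST
# Reads `ip xfrm policy` output on stdin. Exits 0 if a policy with the given
# direction (out|in|fwd) and src/dst selector has "action block", 1 otherwise.
has_drop_shunt() {
    awk -v want_dir="$1" -v want_src="$2" -v want_dst="$3" '
        # Policy header: remember the selector of the policy being described.
        /^src / { cur_src = $2; cur_dst = $4; next }
        # Direction line of the current policy: match dir + selector, then
        # require the block action; allow policies have no "action" field.
        /^[ \t]*dir / && $2 == want_dir && cur_src == want_src && cur_dst == want_dst {
            if ($0 ~ / action block /) found = 1
        }
        END { if (found) exit 0; exit 1 }
    '
}

# leak_check SRC DST
# Reports whether the outbound drop shunt that failureshunt=drop or
# negotiationshunt=drop is expected to install for SRC->DST is present.
# Exits 0 when present, 1 when traffic for that pair would leave in the clear.
leak_check() {
    if has_drop_shunt out "$1" "$2"; then
        echo "drop shunt present for $1 -> $2"
        return 0
    fi
    echo "NO drop shunt for $1 -> $2: plaintext would leak" >&2
    return 1
}

# Stand-alone demonstration on the constructed sample. On a real host, feed the
# live policy database instead:
#   ip xfrm policy | leak_check 192.1.2.0/24 192.1.3.0/24
printf '%s' "$SAMPLE_XFRM_POLICY" | leak_check 192.1.2.0/24 192.1.3.0/24
printf '%s' "$SAMPLE_XFRM_POLICY" | leak_check 192.0.2.0/24 192.0.3.0/24 || true
```

Run it right after `ipsec auto --up` returns (or fails) and before the ping, with the leftsubnet/rightsubnet values of the connection as arguments; if it reports no drop shunt while `ipsec status` still claims failureDROP, the policy was never installed and the plaintext seen on the swan12 device is expected.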
