On Tue, 11 Jun 2019 18:35:26 -0400 (EDT) Paul Wouters <[email protected]> wrote:
> See https://github.com/libreswan/libreswan/issues/221 > > Currently: > > - if local connection has mobike=yes but kernel support disabled -> > fail to load the connection. IPsec tunnel fails > - if local connection has mobike=yes but IKE negotiation resulted in > peer not supporting mobike -> succeeds connection but without > mobike > > The question is whether in the first case, we shouldn't really just > setup the connection but without mobike, perhaps log a big warning? No. We really need to fail loading the connectin if mobike=yes is set and we don't support mobike. We have exactly similar behaviour with nic-offload. You can't even set nic-offload=no if nic-offload support is not build in. > What do people prefer? Close 221 without changes and keep current > situation, or change code to allow loading the connection and bringing > it up without mobike ? Close issue. We must fail to load connection requesting mobike if mobike support is not available. Or we soon get bug reports about mobike not working. -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
