| commit 21100cee5f207c24ee55ad6c612a84a6140ba583
| Author: Paul Wouters <[email protected]>
| Date: Sun Mar 1 21:46:17 2020 -0500
|
| IKEv2: Set keyingtries to 1 for Opportunistic Encryption connections.
|
| We cannot have unlimited keyingtries for Opportunistic, or else we gain
| infinite partial IKE SA's. But also, more than one makes no sense, since
| it will be installing a failureshunt (not negotiationshunt) on the 2nd
| keyingtry, and try to re-install another negotiationshunt, ad nauseam.

Why would keyingtries have been set to something other than 1? Either it has the default (0) or something explicitly set by the user (which could be 0).

It seems to me that we should let the user set the value. We certainly should not silently override a setting made by the user.

We should change the default for OE to 1.

At a minimum, if we override a value that the user specified, we should issue a diagnostic (warning? error?).
