New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src: Implement changes for dmvpn #345
Conversation
It would be great to see support for dmvpn, we've been having to use these patches in local builds. |
@sarthurdev Exactly these patches? |
Not exactly your fork, but the patches by Timo Teras. |
Could you kindly test my fork? Then I can be sure it's working alright. I don't have an existing test setup for DMVPN. |
I also welcome these patches. I asked for it in the past at ticket https://wiki.strongswan.org/issues/3643. I going to test it with FRR/NHRP as well. When will it be part of the Strongswan release? |
I don't know that. Probably when they are merged. :P |
As far as I remember, these patches were rejected years ago. And I've never seen a design document that describes the problem they are trying to solve, what alternatives were considered and why were dismissed, and why this set of patches should be the best approach. |
Which patches exactly? The ones for VICI? |
Found the original messages on the topic: https://lists.strongswan.org/pipermail/dev/2014-August/001017.html Might actually be able to approach this differently now, for example vici does seem to support creating dynamic connections now with |
That is extremely outdated, because all of these things already happened.
|
I'm facing the above problem, you should be able to reproduce and test this without a dmvpn setup, by defining a connection in swanctl.conf and initiate it like above command. |
Thank you for your quick response. I'll fix it when I have time allocated for it. :) |
@Thermi It seems that Alpine Linux have working 5.9 patches for dmvpn support: https://gitlab.alpinelinux.org/alpine/aports/-/tree/master/main/strongswan |
That's the patches that I based the changes in this commit on. Because of changes in strongSwan, the patches in that branch don't apply anymore. And strongSwan on Alpine already crashes when the the conns are reloaded using swanctl (if it's used in cojunction with quagga's nhrpd). So that's no good. |
I fixed a bug and rebased for 5.9.3. See #502 please. |
Test suite and test scenarios passe with the changes.