New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src: Implement changes for dmvpn #502
base: master
Are you sure you want to change the base?
Conversation
appveyor failed because of a build timeout. 2 out of 3 tests passed. |
I have been rebaseing Timo's patches for few years and using it on fedora. There are few differences, namely you are missing changes for OpenWRT in src/libcharon/plugins/uci/uci_control.c and you squashed patches. I also have vyos-disconnect patch on my branch. Timo's has been sending them to strongswan list for at least eight years. Here is my conclusion:
Frr ships nhrp daemon (not dmvpn) for few years in stable releases, quagga also (but it has been deprecated) and it's a real shame this was not accepted or taken more seriously because most of SS usage on linux are on server to server basis. Even more because SS became main part of most distributions. If only some of SS developer could find some time to review and do some work in direction in which it is acceptable to SS. BTW. SS source is real large and IPsec/IKE is very complicated matter so it's not real that this is implemented by non SS developer. |
|
So what would be correct course of action? As Tobias stated this patches were rejected years ago and I don't see that they will ever be accepted. I especially don’t see that they could accepted in this squashed state. Patches appeared on strongswan-dev list in 2014. Timo has resubmitted it few more times and they are ignored since. Are we waiting for changes which would break this patches completely so we could throw away all nhrp code in Frr and Quagga? |
BTW. This is original thread which partly answer's Tobias questions. |
We have received request to include this feature into Fedora strongswan package. But one of original arguments in mailing list were lack of design document. I have found something on FRR NHRPD, but I would think this deserves at least some README.md on strongswan side. I can find updated code, but I miss any documentation notes added along. Is it intentional? |
What kind of documentation do you want? There is essentially no user interaction needed after the IKE_SA and CHILD_SA configuration is provided, and frr nhrpd is connected to it (and the nhrpd configuration is obviously frr specific, and has nothing to do with strongSwan). |
Updated, actively supported version of the patch for strongswan 5.9.11: https://gitlab.alpinelinux.org/alpine/aports/-/tree/master/main/strongswan Please add these patches to the main strongswan code. This will greatly simplify the work of some strongswan users who now have to build strongswan manually every time. |
Any updates? |
No description provided.