strongswan/conf/plugins
Martin Willi 9b29003cd9 socket-default: Add an option to force the sending interface via IP_PKTINFO

On Linux, setting the source address is insufficient to force a packet to be
sent over a certain path. The kernel uses the best route to select the outgoing
interface, even if we set a source address of a lower priority interface. This
is not only true for interfaces attaching to the same subnet, but also for
unrelated interfaces; the kernel (at least on 4.7) sends out the packet on
whatever interface it sees fit, even if that network does not expect packets
from the source address we force to.

When a better interface becomes available, strongSwan sends its MOBIKE address
list update using the old source address. But the kernel sends that packet over
the new best interface. If that network drops packets having the unexpected
source address from the old path, the MOBIKE update fails and the SA finally
times out.

To enforce a specific interface for our packet, we explicitly set the interface
index from the interface where the source address is installed. According to
ip(7), this overrules the specified source address to the primary interface
address. As this could have side effects to installations using multiple
addresses on a single interface, we disable the option by default for now.

This also allows using IPv6 link-local addresses, which won't work if
the outbound interface is not set explicitly.
2017-05-23 16:49:39 +02:00
addrblock.opt addrblock: Support an optional non-strict mode accepting certs without addrblock 2017-03-02 08:24:02 +01:00
android_log.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
attr-sql.opt attr-sql: Make release of online leases during startup optional 2017-05-19 15:22:51 +02:00
attr.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
bliss.opt Implemented improved BLISS-B signature algorithm 2015-02-25 21:45:34 +01:00
bypass-lan.opt bypass-lan: Allow ignoring or only considering subnets of specific interfaces 2017-02-08 10:38:28 +01:00
certexpire.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
coupling.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
dhcp.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
dnscert.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
duplicheck.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-aka-3ggp2.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-aka.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-dynamic.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-gtc.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-peap.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-radius.opt eap-radius: Add ability to configure RADIUS retransmission behavior 2015-11-17 14:25:08 +01:00
eap-sim.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-simaka-sql.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-tls.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
eap-tnc.opt Implemented PT-EAP protocol (RFC 7171) 2014-05-12 06:59:21 +02:00
eap-ttls.opt Implemented PT-EAP protocol (RFC 7171) 2014-05-12 06:59:21 +02:00
error-notify.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
ext-auth.opt ext-auth: Add an ext-auth plugin invoking an external authorization script 2014-10-06 18:30:46 +02:00
forecast.opt forecast: Document strongswan.conf options 2015-02-20 16:34:55 +01:00
gcrypt.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
ha.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
imc-attestation.opt libtpmtss: Implemented TSS2 quote() method 2016-06-26 18:19:05 +02:00
imc-hcd.opt conf: Fix declaration of default values for imc-hcd options 2015-08-27 17:07:13 +02:00
imc-os.opt Updated IMC/IMV entries in strongswan.conf man page 2014-05-31 20:37:57 +02:00
imc-scanner.opt Updated IMC/IMV entries in strongswan.conf man page 2014-05-31 20:37:57 +02:00
imc-swid.opt Updated IMC/IMV entries in strongswan.conf man page 2014-05-31 20:37:57 +02:00
imc-test.opt Updated IMC/IMV entries in strongswan.conf man page 2014-05-31 20:37:57 +02:00
imv-attestation.opt Fixed strongswan.conf man page entry of imc-attestation 2015-03-27 20:56:44 +01:00
imv-os.opt Updated IMC/IMV entries in strongswan.conf man page 2014-05-31 20:37:57 +02:00
imv-scanner.opt Updated IMC/IMV entries in strongswan.conf man page 2014-05-31 20:37:57 +02:00
imv-swid.opt Fixed typo in strongswan.conf 2014-06-05 11:26:54 +02:00
imv-test.opt Updated IMC/IMV entries in strongswan.conf man page 2014-05-31 20:37:57 +02:00
ipseckey.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
kernel-libipsec.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
kernel-netlink.opt kernel-netlink: Allow change of Netlink socket receive buffer size 2017-01-25 17:42:38 +01:00
kernel-pfkey.opt kernel-pfkey: Add option to set receive buffer size of event socket 2015-03-06 16:45:22 +01:00
kernel-pfroute.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
led.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
load-tester.opt conf: Document load-tester.crl option 2014-06-30 13:25:13 +02:00
lookip.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
ntru.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
openssl.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
osx-attr.opt conf: Add documentation for new osx-attr option 2015-08-28 15:49:58 +02:00
p-cscf.opt p-cscf: Make sending requests configurable and disable it by default 2016-03-10 11:57:38 +01:00
pkcs11.opt pkcs11: Fix documentation of load_certs option 2017-02-06 11:18:47 +01:00
radattr.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
random.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
resolve.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
revocation.opt revocation: More accurately describe the flags to disable OCSP/CRL validation 2017-02-15 10:41:38 +01:00
socket-default.opt socket-default: Add an option to force the sending interface via IP_PKTINFO 2017-05-23 16:49:39 +02:00
sql.opt conf: Install config files world-readable but warn about permissions for certain options 2014-02-12 15:16:57 +01:00
stroke.opt stroke: Add an option to disable side-swapping of configuration options 2015-08-21 18:19:26 +02:00
systime-fix.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
tnc-ifmap.opt conf: Install config files world-readable but warn about permissions for certain options 2014-02-12 15:16:57 +01:00
tnc-imc.opt conf: Document libtnccs options 2014-02-12 14:34:34 +01:00
tnc-imv.opt conf: Document libtnccs options 2014-02-12 14:34:34 +01:00
tnc-pdp.opt conf: Install config files world-readable but warn about permissions for certain options 2014-02-12 15:16:57 +01:00
tnccs-11.opt conf: Document libtnccs options 2014-02-12 14:34:34 +01:00
tnccs-20.opt Added PB-TNC test options to strongswan.conf man page 2015-03-27 21:05:00 +01:00
tpm.opt The tpm plugin offers random number generation 2017-03-20 21:16:10 +01:00
unbound.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
updown.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
vici.opt vici: Document strongswan.conf options 2014-05-07 14:13:38 +02:00
whitelist.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
xauth-eap.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00
xauth-pam.opt conf: Options of all plugins documented 2014-02-12 14:34:34 +01:00