diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-10-16 11:50:53 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2012-10-18 10:57:55 +0200 |
| commit | 8658e87b35ce9daf9df23403e65025417fc06697 (patch) | |
| tree | 2f778b637eca54210e51baf4d0dca8142ac49d7d | |
| parent | 292d8f41c3b39b8f8c6bede26de742c90120bf67 (diff) | |
| download | strongswan-8658e87b35ce9daf9df23403e65025417fc06697.tar.bz2 strongswan-8658e87b35ce9daf9df23403e65025417fc06697.tar.xz | |
android: Use keyingtries=%forever and dpd|closeaction=restart
We also ignore the CHILD_SA_DOWN event.
This should allow us to keep the connection up as long as the user does
not manually disconnect.
| -rw-r--r-- | src/frontends/android/jni/libandroidbridge/backend/android_service.c | 6 | ||||
| -rw-r--r-- | src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java | 10 |
2 files changed, 4 insertions, 12 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c index 83eed02b9..d451a3d94 100644 --- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c +++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c @@ -470,7 +470,7 @@ static job_requeue_t initiate(private_android_service_t *this) ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create("android", IKEV2, ike_cfg, CERT_SEND_IF_ASKED, - UNIQUE_REPLACE, 1, /* keyingtries */ + UNIQUE_REPLACE, 0, /* keyingtries */ 36000, 0, /* rekey 10h, reauth none */ 600, 600, /* jitter, over 10min */ TRUE, FALSE, /* mobike, aggressive */ @@ -522,8 +522,8 @@ static job_requeue_t initiate(private_android_service_t *this) peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + ACTION_NONE, ACTION_RESTART, ACTION_RESTART, + FALSE, 0, 0, NULL, NULL, 0); /* create an ESP proposal with the algorithms currently supported by * libipsec, no PFS for now */ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP, diff --git a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java index b4236f6c7..02db8c494 100644 --- a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java +++ b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java @@ -329,15 +329,7 @@ public class CharonVpnService extends VpnService implements Runnable switch (status) { case STATE_CHILD_SA_DOWN: - synchronized (mServiceLock) - { - /* if we are not actively disconnecting we assume the remote terminated - * the connection and call disconnect() to deinitialize charon properly */ - if (mService != null && !mIsDisconnecting) - { - mService.disconnect(); - } - } + /* we ignore this as we use closeaction=restart */ break; case STATE_CHILD_SA_UP: setState(State.CONNECTED); |