summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/ha/ha_tunnel.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/plugins/ha/ha_tunnel.c')
-rw-r--r--src/libcharon/plugins/ha/ha_tunnel.c28
1 files changed, 18 insertions, 10 deletions
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index dd2399366..a0e514614 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -79,7 +79,7 @@ struct private_ha_tunnel_t {
/**
* Reqid of installed trap
*/
- u_int32_t trap;
+ uint32_t trap;
/**
* backend for HA SA
@@ -183,10 +183,22 @@ static void setup_tunnel(private_ha_tunnel_t *this,
auth_cfg_t *auth_cfg;
child_cfg_t *child_cfg;
traffic_selector_t *ts;
- lifetime_cfg_t lifetime = {
- .time = {
- .life = 21600, .rekey = 20400, .jitter = 400,
+ peer_cfg_create_t peer = {
+ .cert_policy = CERT_NEVER_SEND,
+ .unique = UNIQUE_KEEP,
+ .rekey_time = 86400, /* 24h */
+ .jitter_time = 7200, /* 2h */
+ .over_time = 3600, /* 1h */
+ .no_mobike = TRUE,
+ .dpd = 30,
+ };
+ child_cfg_create_t child = {
+ .lifetime = {
+ .time = {
+ .life = 21600, .rekey = 20400, .jitter = 400,
+ },
},
+ .mode = MODE_TRANSPORT,
};
/* setup credentials */
@@ -208,9 +220,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
- peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND,
- UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE,
- TRUE, 30, 0, FALSE, NULL, NULL);
+ peer_cfg = peer_cfg_create("ha", ike_cfg, &peer);
auth_cfg = auth_cfg_create();
auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
@@ -224,9 +234,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
identification_create_from_string(remote));
peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
- child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT,
- ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
- 0, 0, NULL, NULL, 0);
+ child_cfg = child_cfg_create("ha", &child);
ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 11:42:05 +0000