charon-nm: Lower default retransmission settings to restore SAs more quickly

These are the same values we use for the Android app.

References strongswan/strongswan#2696

conf/options/charon-nm.opt

@@ -24,6 +24,17 @@ charon-nm.port_nat_t = 0
 	Defaults to an ephemeral port. May be set to e.g. 4500 if firewall rules
 	require a static port.
 
+charon-nm.retransmit_base = 1.4
+	Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+	in **strongswan.conf**(5). Default retransmission settings for charon-nm are
+	deliberately lower to fail and possibly reestablish SAs more quickly.
+
+charon-nm.retransmit_timeout = 2.0
+	Timeout in seconds before sending first retransmit.
+
+charon-nm.retransmit_tries = 3
+	Number of times to retransmit a packet before giving up.
+
 charon-nm.routing_table = 210
 	Table where routes via XFRM interface are installed. Should be different
 	than the table used for the regular IKE daemon due to the mark.

src/charon-nm/charon-nm.c

@@ -221,6 +221,14 @@ int main(int argc, char *argv[])
 	lib->settings->set_default_str(lib->settings,
 				"charon-nm.check_current_path", "yes");
 
+	/* fail more quickly so users don't have to wait too long for a new SA */
+	lib->settings->set_default_str(lib->settings,
+				"charon-nm.retransmit_tries", "3");
+	lib->settings->set_default_str(lib->settings,
+				"charon-nm.retransmit_timeout", "2.0");
+	lib->settings->set_default_str(lib->settings,
+				"charon-nm.retransmit_base", "1.4");
+
 	DBG1(DBG_DMN, "Starting charon NetworkManager backend (strongSwan "VERSION")");
 	if (lib->integrity)
 	{