blob: 411bc58df9bbe069fa3d50dd0c5c61aba9f55d0e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From 6f7a3b33bc044e0c212be54be74b9497d513ca86 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 10 Jul 2015 10:23:02 +0200
Subject: [PATCH] ike: Fall back to the current remote IP if it resolves to
%any
In some situations it might be valid for a host that configures
right=%any to reestablish or reauthenticate an IKE_SA. Using %any would
immediately abort the initiation causing the new SA to fail (which
might already have the existing CHILD_SAs assigned).
Fixes #1027.
---
src/libcharon/sa/ike_sa.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 0c13c58..752a756 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1224,7 +1224,12 @@ static void resolve_hosts(private_ike_sa_t *this)
}
if (host)
{
- set_other_host(this, host);
+ if (!host->is_anyaddr(host) ||
+ this->other_host->is_anyaddr(this->other_host))
+ { /* don't set to %any if we currently have an address, but the
+ * address family might have changed */
+ set_other_host(this, host);
+ }
}
if (this->local_host)
--
2.4.6
|
