diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-10-01 09:41:35 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-10-01 09:41:35 +0200 |
| commit | eb4544f773a7548180572dde6d730ff37ff84a99 (patch) | |
| tree | 6bd099593af7c48ab06c0ee43937f8fe8ef1bd3e | |
| parent | 70e81857f9b2c3cc898678594d0d1f61cb2dffbb (diff) | |
| download | strongswan-eb4544f773a7548180572dde6d730ff37ff84a99.tar.bz2 strongswan-eb4544f773a7548180572dde6d730ff37ff84a99.tar.xz | |
fixes multiple IPsec SAs with IKEv1 Mode Config
| -rw-r--r-- | src/pluto/ipsec_doi.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 5ea00a822..9e941192c 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -1928,6 +1928,23 @@ stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, bool send_natoa = FALSE; u_int8_t np = ISAKMP_NEXT_NONE; + if (c->spd.this.modecfg && !c->spd.this.has_client && + isanyaddr(&c->spd.this.host_srcip)) + { + connection_t *ph1_c = isakmp_sa->st_connection; + + if (ph1_c->spd.this.modecfg && !isanyaddr(&ph1_c->spd.this.host_srcip)) + { + char srcip[ADDRTOT_BUF]; + + c->spd.this.host_srcip = ph1_c->spd.this.host_srcip; + c->spd.this.client = ph1_c->spd.this.client; + c->spd.this.has_client = TRUE; + addrtot(&c->spd.this.host_srcip, 0, srcip, sizeof(srcip)); + plog("inheriting virtual IP source address %s from ModeCfg", srcip); + } + } + st->st_whack_sock = whack_sock; st->st_connection = c; set_cur_state(st); /* we must reset before exit */ |