ike: support multiple addresses, ranges and subnets in IKE address config

Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.

1 files changed, 2 insertions, 2 deletions

diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index a697da804..180e8da98 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -163,8 +163,8 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
 	{
 		remote_port = IKEV2_NATT_PORT;
 	}
-	ike_cfg = ike_cfg_create(version, TRUE, FALSE, "0.0.0.0", FALSE, local_port,
-					this->host, FALSE, remote_port, FRAGMENTATION_NO, 0);
+	ike_cfg = ike_cfg_create(version, TRUE, FALSE, "0.0.0.0", local_port,
+					this->host, remote_port, FRAGMENTATION_NO, 0);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	peer_cfg = peer_cfg_create("cmd", ike_cfg,
 					CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */