Merge branch 'ikev1-rekeying'

Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces the old Main Mode having a uniqueids=replace policy.
author: Martin Willi <martin@revosec.ch> 2013-03-01 11:32:02 +0100
committer: Martin Willi <martin@revosec.ch> 2013-03-01 11:32:02 +0100
commit: b611d8ba48424747ad1330e6ffbba3de8f5f0555 (patch)
tree: 8d3e07c2471da412a11ba947a10cb84ccc94ea0b /src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
parent: ec1b4e6638598b5c77684cd01ab4caeaf3e230a4 (diff)
parent: 3dc9d427c92ee3bece4bc1c3c575250156deeebc (diff)
download: strongswan-b611d8ba48424747ad1330e6ffbba3de8f5f0555.tar.bz2
strongswan-b611d8ba48424747ad1330e6ffbba3de8f5f0555.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index e47887859..b6df9879c 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1757,6 +1757,10 @@ METHOD(kernel_net_t, add_ip, status_t,
 				DBG2(DBG_KNL, "virtual IP %H installed on %s", virtual_ip,
 					 entry->iface->ifname);
 				this->lock->unlock(this->lock);
+				/* during IKEv1 reauthentication, children get moved from
+				 * old the new SA before the virtual IP is available. This
+				 * kills the route for our virtual IP, reinstall. */
+				queue_route_reinstall(this, entry->iface->ifname);
 				return SUCCESS;
 			}
 		}
author	Martin Willi <martin@revosec.ch>	2013-03-01 11:32:02 +0100
committer	Martin Willi <martin@revosec.ch>	2013-03-01 11:32:02 +0100
commit	b611d8ba48424747ad1330e6ffbba3de8f5f0555 (patch)
tree	8d3e07c2471da412a11ba947a10cb84ccc94ea0b /src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
parent	ec1b4e6638598b5c77684cd01ab4caeaf3e230a4 (diff)
parent	3dc9d427c92ee3bece4bc1c3c575250156deeebc (diff)
download	strongswan-b611d8ba48424747ad1330e6ffbba3de8f5f0555.tar.bz2 strongswan-b611d8ba48424747ad1330e6ffbba3de8f5f0555.tar.xz