Fixed IDi in case neither left nor leftid is configured.

1 files changed, 21 insertions, 0 deletions

diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index af2c30f71..1ef216272 100644
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -422,6 +422,27 @@ METHOD(task_t, build_i, status_t,
 			DBG1(DBG_CFG, "configuration misses IDi");
 			return FAILED;
 		}
+		else if (idi->get_type(idi) == ID_ANY)
+		{	/* ID_ANY is invalid as IDi, use local IP address instead */
+			enumerator_t *enumerator;
+			auth_rule_t rule;
+			host_t *me;
+			void *data;
+
+			me = this->ike_sa->get_my_host(this->ike_sa);
+			idi = identification_create_from_sockaddr(me->get_sockaddr(me));
+			enumerator = cfg->create_enumerator(cfg);
+			while (enumerator->enumerate(enumerator, &rule, &data))
+			{
+				if (rule == AUTH_RULE_IDENTITY)
+				{
+					cfg->replace(cfg, enumerator, AUTH_RULE_IDENTITY,
+								 idi);
+					break;
+				}
+			}
+			enumerator->destroy(enumerator);
+		}
 		this->ike_sa->set_my_id(this->ike_sa, idi->clone(idi));
 		id_payload = id_payload_create_from_identification(ID_INITIATOR, idi);
 		get_reserved_id_bytes(this, id_payload);