diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-06-06 16:20:34 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-06-10 13:57:27 +0200 |
| commit | 50798628c5530ac3b35d3376cbfd89f326ac286f (patch) | |
| tree | dac279c2c628a33dd13c77cd5eed486ebabc0f7b /src | |
| parent | d1f8628420004512ccc8f08d57b76a9ada5f49d2 (diff) | |
| download | strongswan-50798628c5530ac3b35d3376cbfd89f326ac286f.tar.bz2 strongswan-50798628c5530ac3b35d3376cbfd89f326ac286f.tar.xz | |
kernel-pfkey: Also use interface returned by get_nexthop() for IPsec policies
An exception is if the local address is virtual, in which case we want
the route to be via TUN device.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 82abc76fa..a5d3c0a4b 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -2315,13 +2315,15 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, if (!dst->is_anyaddr(dst)) { route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, - src, NULL); + src, &route->if_name); /* if the IP is virtual, we install the route over the interface it has * been installed on. Otherwise we use the interface we use for IKE, as * this is required for example on Linux. */ if (is_virtual) { + free(route->if_name); + route->if_name = NULL; src = route->src_ip; } } |