handling of "rekey=no" parameter added

1 files changed, 18 insertions, 5 deletions

diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 25a66a0f3..719a346d6 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -125,11 +125,24 @@ int starter_stroke_add_conn(starter_conn_t *conn)
 	msg.length = offsetof(stroke_msg_t, buffer);
 	msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2;
 	msg.add_conn.name = push_string(&msg, connection_name(conn));
-	msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
-	msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
-	msg.add_conn.rekey.margin = conn->sa_rekey_margin;
-	msg.add_conn.rekey.tries = conn->sa_keying_tries;
-	msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
+	if (conn->policy & POLICY_DONT_REKEY)
+	{
+		msg.add_conn.rekey.ipsec_lifetime = 0;
+		msg.add_conn.rekey.ike_lifetime = 0;
+		msg.add_conn.rekey.margin = 0;
+		msg.add_conn.rekey.tries = 0;
+		msg.add_conn.rekey.fuzz = 0;
+	}
+	else
+	{
+		msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
+		msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
+		msg.add_conn.rekey.margin = conn->sa_rekey_margin;
+		msg.add_conn.rekey.tries = conn->sa_keying_tries;
+		msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
+	}
+	msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);
+	msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
 
 	starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->right);
 	starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->left);