diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2015-04-30 12:26:41 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-03-04 16:03:00 +0100 |
| commit | 7505fb8d457983892b3cba049a4b6a8bae78b49d (patch) | |
| tree | ad14b076d278d6a8a96ff57db0909b0143cade88 /src | |
| parent | c13eb73719958e004cf8ae362f3801a3f3f243b0 (diff) | |
| download | strongswan-7505fb8d457983892b3cba049a4b6a8bae78b49d.tar.bz2 strongswan-7505fb8d457983892b3cba049a4b6a8bae78b49d.tar.xz | |
ike-sa: Reauthenticate to the same addresses we currently use
If the SA got redirected this would otherwise cause a reauthentication with
the original gateway. Reestablishing the SA to the original gateway, if e.g.
the new gateway is not reachable makes sense though.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/sa/ike_sa.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 6884bf249..f5245417e 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -1950,8 +1950,11 @@ METHOD(ike_sa_t, reestablish, status_t, host = this->my_host; new->set_my_host(new, host->clone(host)); charon->bus->ike_reestablish_pre(charon->bus, &this->public, new); - /* resolve hosts but use the old addresses above as fallback */ - resolve_hosts((private_ike_sa_t*)new); + if (!has_condition(this, COND_REAUTHENTICATING)) + { /* reauthenticate to the same addresses, but resolve hosts if + * reestablishing (old addresses serve as fallback) */ + resolve_hosts((private_ike_sa_t*)new); + } /* if we already have a virtual IP, we reuse it */ enumerator = array_create_enumerator(this->my_vips); while (enumerator->enumerate(enumerator, &host)) |