diff options
| author | Martin Willi <martin@revosec.ch> | 2013-09-03 15:44:43 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-09-04 10:33:38 +0200 |
| commit | a858064455bc2fda9f54889395eccee8f91fd424 (patch) | |
| tree | e4065153815b9eebc0e7bf2b19a8b8372b046760 /src | |
| parent | 16149401e93e0ab22c003c1d624b3ca5819f3444 (diff) | |
| download | strongswan-a858064455bc2fda9f54889395eccee8f91fd424.tar.bz2 strongswan-a858064455bc2fda9f54889395eccee8f91fd424.tar.xz | |
stroke: ignore a leftsourceip if a rightsourceip is given as well
As we always negotiate virtual IPs in charon, having both left- and
rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single
configuration payload exchange only.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 2b16ad683..2e36ce3a3 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -781,7 +781,13 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, enumerator->destroy(enumerator); } - if (msg->add_conn.me.sourceip) + if (msg->add_conn.me.sourceip && msg->add_conn.other.sourceip) + { + DBG1(DBG_CFG, "'%s' has both left- and rightsourceip, but IKE can " + "negotiate one virtual IP only, ignoring local virtual IP", + msg->add_conn.name); + } + else if (msg->add_conn.me.sourceip) { enumerator_t *enumerator; char *token; |