2 files changed, 12 insertions, 2 deletions

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index ff7b40d7b..649c560da 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2154,7 +2154,12 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
 			{
 				route_entry_t *old = policy->route;
 				if (route_entry_equals(old, route))
-				{	/* keep previously installed route */
+				{	/* keep previously installed route. since it might have
+					 * still been removed by an address change, we install it
+					 * again but ignore the result */
+					hydra->kernel_interface->add_route(hydra->kernel_interface,
+							route->dst_net, route->prefixlen, route->gateway,
+							route->src_ip, route->if_name);
 					this->mutex->unlock(this->mutex);
 					route_entry_destroy(route);
 					return SUCCESS;
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index d9327fc58..da10edffe 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2016,7 +2016,12 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
 			{
 				route_entry_t *old = policy->route;
 				if (route_entry_equals(old, route))
-				{	/* keep previously installed route */
+				{	/* keep previously installed route. since it might have
+					 * still been removed by an address change, we install it
+					 * again but ignore the result */
+					hydra->kernel_interface->add_route(hydra->kernel_interface,
+							route->dst_net, route->prefixlen, route->gateway,
+							route->src_ip, route->if_name);
 					this->mutex->unlock(this->mutex);
 					route_entry_destroy(route);
 					return SUCCESS;