-rw-r--r--src/pluto/connections.c3
-rw-r--r--src/pluto/ipsec_doi.c15
2 files changed, 17 insertions, 1 deletions
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index 349d4b722..dd193042a 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -3693,7 +3693,8 @@ static connection_t *fc_try(const connection_t *c, struct host_pair *hp,
}
else
{
- if (!peer_net_is_host)
+ if (!peer_net_is_host && !(sr->that.modecfg && c->spd.that.modecfg &&
+ subnetisaddr(peer_net, &c->spd.that.host_srcip)))
{
continue;
}
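Review bot: The relaxed test in fc_try accepts a non-host peer net whenever it equals `c->spd.that.host_srcip`, but nothing in the condition confirms that a Mode Config exchange actually assigned that address. If `host_srcip` can still hold the unset (any) address while `modecfg` is enabled, a peer proposing that value as a /32 would no longer hit the `continue`; this is inferred, because the initialisation of `host_srcip` is not visible in the hunk. Consider adding `!isanyaddr(&c->spd.that.host_srcip)` to the condition, and to the identical test added in quick_inI1_outR1_tail in ipsec_doi.c. A short comment such as `/* accept the virtual IP assigned by Mode Config as the peer's client */` would also document why the host-only rule is bypassed. The body of fc_try continues outside the hunk.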
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 797ac6d01..3026ab0db 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -4872,6 +4872,21 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
*/
p = rw_instantiate(p, &c->spd.that.host_addr, md->sender_port
, his_net, c->spd.that.id);
+
+ /* inherit any virtual IP assigned by a Mode Config exchange */
+ if (p->spd.that.modecfg && c->spd.that.modecfg &&
+ subnetisaddr(his_net, &c->spd.that.host_srcip))
+ {
+ char srcip[ADDRTOT_BUF];
+
+ DBG(DBG_CONTROL,
+ addrtot(&c->spd.that.host_srcip, 0, srcip, sizeof(srcip));
+ DBG_log("inheriting virtual IP source address %s from ModeCfg", srcip)
+ )
+ p->spd.that.host_srcip = c->spd.that.host_srcip;
+ p->spd.that.client = c->spd.that.client;
+ p->spd.that.has_client = TRUE;
+ }
}
}
#ifdef DEBUG
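Review bot: `p->spd.that.client = c->spd.that.client;` overwrites the client that rw_instantiate() has just set from `his_net` with whatever the ISAKMP connection currently holds, while only `host_srcip` was compared against the peer's proposal. If `c->spd.that.client` is not guaranteed to be the /32 of the assigned virtual IP, the instantiated connection could end up with a different client range than the one that was validated. Assigning from the checked value, `p->spd.that.client = *his_net;`, would keep the installed selector tied to what `subnetisaddr()` verified. The enclosing function starts and ends outside the hunk, so the type of `his_net` and how `c` was populated are inferred from the calls shown.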