-rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 4bc2770c1..5715476e1 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2223,11 +2223,21 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
 INIT(route,
 .prefixlen = policy->src.mask,
 .src_ip = host,
- .gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, dst, -1, src),
 .dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)),
 );
 
+ if (!dst->is_anyaddr(dst))
+ {
+ route->gateway = hydra->kernel_interface->get_nexthop(
+ hydra->kernel_interface, dst, -1, src);
+ }
+ else
+ { /* for shunt policies */
+ route->gateway = hydra->kernel_interface->get_nexthop(
+ hydra->kernel_interface, policy->src.net,
+ policy->src.mask, route->src_ip);
+ }
+
 /* if the IP is virtual, we install the route over the interface it has
 * been installed on. Otherwise we use the interface we use for IKE, as
 * this is required for example on Linux. */ |
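Review bot: The `else` branch is explained only by `/* for shunt policies */`, which does not say why the lookup target switches from `dst` to the policy's source selector, or why the source argument changes from `src` to `route->src_ip`. Since this choice decides which gateway traffic matching a shunt policy is routed through, I would spell it out, e.g. `/* shunt policies carry no SA endpoint (dst is the any-address), so resolve the nexthop towards the policy's source network instead */`, with the wording to be confirmed by the author. Neither branch checks the `get_nexthop()` result in the visible lines; `install_route()` continues outside the hunk, so whether a failed lookup is handled later cannot be judged from here.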