1 files changed, 16 insertions, 4 deletions

diff --git a/src/libcharon/sa/tasks/main_mode.c b/src/libcharon/sa/tasks/main_mode.c
index 525484f6f..5b2cdf77e 100644
--- a/src/libcharon/sa/tasks/main_mode.c
+++ b/src/libcharon/sa/tasks/main_mode.c
@@ -31,6 +31,7 @@
 #include <sa/tasks/xauth.h>
 #include <sa/tasks/mode_config.h>
 #include <sa/tasks/informational.h>
+#include <sa/tasks/isakmp_delete.h>
 
 typedef struct private_main_mode_t private_main_mode_t;
 
@@ -495,6 +496,17 @@ static status_t send_notify(private_main_mode_t *this, notify_type_t type)
 	return ALREADY_DONE;
 }
 
+/**
+ * Queue a delete task if authentication failed as initiator
+ */
+static status_t send_delete(private_main_mode_t *this)
+{
+	this->ike_sa->queue_task(this->ike_sa,
+						(task_t*)isakmp_delete_create(this->ike_sa, TRUE));
+	/* cancel all active tasks in favour of informational */
+	return ALREADY_DONE;
+}
+
 METHOD(task_t, build_i, status_t,
 	private_main_mode_t *this, message_t *message)
 {
@@ -1034,7 +1046,7 @@ METHOD(task_t, process_i, status_t,
 			if (!id_payload)
 			{
 				DBG1(DBG_IKE, "IDir payload missing");
-				return send_notify(this, INVALID_PAYLOAD_TYPE);
+				return send_delete(this);
 			}
 			id = id_payload->get_identification(id_payload);
 			if (!id->matches(id, this->other_auth->get(this->other_auth,
@@ -1042,7 +1054,7 @@ METHOD(task_t, process_i, status_t,
 			{
 				DBG1(DBG_IKE, "IDir does not match");
 				id->destroy(id);
-				return send_notify(this, INVALID_ID_INFORMATION);
+				return send_delete(this);
 			}
 			this->ike_sa->set_other_id(this->ike_sa, id);
 
@@ -1051,12 +1063,12 @@ METHOD(task_t, process_i, status_t,
 														 message) != SUCCESS)
 			{
 				DESTROY_IF(authenticator);
-				return send_notify(this, AUTHENTICATION_FAILED);
+				return send_delete(this);
 			}
 			authenticator->destroy(authenticator);
 			if (!check_constraints(this))
 			{
-				return send_notify(this, AUTHENTICATION_FAILED);
+				return send_delete(this);
 			}
 			save_auth_cfg(this, FALSE);