aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 5715476e1..e1a58aa94 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2230,19 +2230,22 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
{
route->gateway = hydra->kernel_interface->get_nexthop(
hydra->kernel_interface, dst, -1, src);
+
+ /* if the IP is virtual, we install the route over the interface it has
+ * been installed on. Otherwise we use the interface we use for IKE, as
+ * this is required for example on Linux. */
+ if (is_virtual)
+ {
+ src = route->src_ip;
+ }
}
else
{ /* for shunt policies */
route->gateway = hydra->kernel_interface->get_nexthop(
hydra->kernel_interface, policy->src.net,
policy->src.mask, route->src_ip);
- }
- /* if the IP is virtual, we install the route over the interface it has
- * been installed on. Otherwise we use the interface we use for IKE, as
- * this is required for example on Linux. */
- if (is_virtual)
- {
+ /* we don't have a source address, use the address we found */
src = route->src_ip;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-21 05:24:02 +0000