Diffstat (limited to 'src')
-rw-r--r--src/charon/config/connections/local_connection_store.c13
-rw-r--r--src/pluto/connections.c31
-rw-r--r--src/pluto/connections.h2
-rw-r--r--src/pluto/rcv_whack.c4
-rw-r--r--src/starter/starter.c20
-rw-r--r--src/starter/starterwhack.c1
-rw-r--r--src/whack/whack.c3
-rw-r--r--src/whack/whack.h1
8 files changed, 47 insertions, 28 deletions
diff --git a/src/charon/config/connections/local_connection_store.c b/src/charon/config/connections/local_connection_store.c
index 88a83aae9..fa3bd555d 100644
--- a/src/charon/config/connections/local_connection_store.c
+++ b/src/charon/config/connections/local_connection_store.c
@@ -225,21 +225,22 @@ void log_connections(private_local_connection_store_t *this, logger_t *logger, c
logger = this->logger;
}
- logger->log(logger, CONTROL, "templates:");
+ logger->log(logger, CONTROL, "Templates:");
pthread_mutex_lock(&(this->mutex));
iterator = this->connections->create_iterator(this->connections, TRUE);
while (iterator->has_next(iterator))
{
iterator->current(iterator, (void**)&current);
- if (!name || strcmp(name, current->get_name(current)) == 0)
+ if (current->is_ikev2(current) && ( name == NULL || streq(name, current->get_name(current))))
{
- host_t *my_host, *other_host;
- my_host = current->get_my_host(current);
- other_host = current->get_other_host(current);
+ host_t *my_host = current->get_my_host(current);
+ host_t *other_host = current->get_other_host(current);
+
logger->log(logger, CONTROL, " \"%s\": %s...%s",
current->get_name(current),
- my_host->get_address(my_host), other_host->get_address(other_host));
+ my_host->get_address(my_host),
+ other_host->get_address(other_host));
}
}
iterator->destroy(iterator);
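Review bot: The new filter condition has a stray space after the inner opening parenthesis, `( name == NULL || …`, which does not match the spacing used on the rest of the line or elsewhere in this hunk; `if (current->is_ikev2(current) && (name == NULL || streq(name, current->get_name(current))))` reads as the file's style. The hunk also changes the heading string from "templates:" to "Templates:"; if anything scripts against the stroke status output, that change is visible to it, so it is worth mentioning in the commit message. log_connections continues past the end of this hunk.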
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index f672e928b..e05a1d0b5 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -350,7 +350,7 @@ delete_connection(struct connection *c, bool relations)
free_ietfAttrList(c->spd.that.groups);
free_generalNames(c->requested_ca, TRUE);
gw_delref(&c->gw_info);
-
+
lock_certs_and_keys("delete_connection");
release_cert(c->spd.this.cert);
scx_release(c->spd.this.sc);
@@ -360,7 +360,7 @@ delete_connection(struct connection *c, bool relations)
alg_info_delref((struct alg_info **)&c->alg_info_esp);
alg_info_delref((struct alg_info **)&c->alg_info_ike);
-
+
pfree(c);
}
@@ -978,8 +978,8 @@ add_connection(const whack_message_t *wm)
bool same_rightca, same_leftca;
struct connection *c = alloc_thing(struct connection, "struct connection");
- c->name = wm->name;
-
+ c->name = wm->name;
+ c->ikev1 = wm->ikev1;
c->policy = wm->policy;
if ((c->policy & POLICY_COMPRESS) && !can_do_IPcomp)
@@ -1138,7 +1138,9 @@ add_connection(const whack_message_t *wm)
unshare_connection_strings(c);
(void)orient(c);
- connect_to_host_pair(c);
+
+ if (c->ikev1)
+ connect_to_host_pair(c);
/* log all about this connection */
plog("added connection description \"%s\"", c->name);
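Review bot: After the new `if (c->ikev1)` guard, the `plog("added connection description …")` line still fires for IKEv2 connections that pluto has just declined to attach to a host pair, so the log reads the same for a connection pluto will negotiate and one it will never touch. A one-line change makes the distinction visible to the operator, e.g. `plog("added %s connection description \"%s\"", c->ikev1 ? "IKEv1" : "IKEv2", c->name);`. Note that `orient(c)` on the line above still runs for IKEv2 connections; that looks harmless, but a short comment on the guard saying that IKEv2 connections are stored but never negotiated by pluto would document the intent. add_connection begins and ends outside this hunk.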
@@ -1824,7 +1826,7 @@ initiate_connection(const char *name, int whackfd)
{
struct connection *c = con_by_name(name, TRUE);
- if (c != NULL)
+ if (c != NULL && c->ikev1)
{
set_cur_connection(c);
if (!oriented(*c))
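Review bot: With `if (c != NULL && c->ikev1)`, a whack initiate of a connection that exists but is IKEv2 now falls into the same else path as a non-existent connection, or into no path at all, so the caller gets either a misleading "no such connection" style answer or silence; which one depends on the else branch, which is outside this hunk. An explicit `else if (c != NULL)` branch that reports through the file's whack logging helper that the connection is IKEv2 and handled by charon would make the refusal diagnosable from the whack side. The same guard is introduced at the two rcv_whack.c hunks ending at L161 and L169 and would benefit from the same treatment. initiate_connection continues outside this hunk.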
@@ -2983,11 +2985,15 @@ terminate_connection(const char *nm)
/* Loop because more than one may match (master and instances)
* But at least one is required (enforced by con_by_name).
*/
- struct connection *c, *n;
+ struct connection *c = con_by_name(nm, TRUE);
- for (c = con_by_name(nm, TRUE); c != NULL; c = n)
+ if (c == NULL || !c->ikev1)
+ return;
+
+ do
{
- n = c->ac_next; /* grab this before c might disappear */
+ struct connection *n = c->ac_next; /* grab this before c might disappear */
+
if (streq(c->name, nm)
&& c->kind >= CK_PERMANENT
&& !NEVER_NEGOTIATE(c->policy))
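Review bot: The comment kept above the rewrite, "But at least one is required (enforced by con_by_name)", is now contradicted by the explicit `if (c == NULL || !c->ikev1) return;` two lines below it, so a reader cannot tell which one is the contract. Trim it to `/* Loop because more than one may match (master and instances). */` and let the NULL check speak for itself. The ikev1 test is applied only to the first match; that is fine if instances always inherit the flag from their master, which this hunk does not show, so a short comment on the early return stating that assumption would help. terminate_connection's closing lines are in the following hunk.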
@@ -2999,7 +3005,8 @@ terminate_connection(const char *nm)
delete_states_by_connection(c, FALSE);
reset_cur_connection();
}
- }
+ c = n;
+ } while (c != NULL);
}
/* check nexthop safety
@@ -4006,7 +4013,7 @@ show_connections_status(bool all, const char *name)
count = 0;
for (c = connections; c != NULL; c = c->ac_next)
{
- if (name == NULL || streq(c->name, name))
+ if (c->ikev1 && (name == NULL || streq(c->name, name)))
count++;
}
array = alloc_bytes(sizeof(struct connection *)*count, "connection array");
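Review bot: The predicate `c->ikev1 && (name == NULL || streq(c->name, name))` is now spelled out twice, once in the counting loop here and once in the filling loop in the next hunk (ending at L137); if the two ever drift, the fill pass can overrun or underfill the array sized by the count pass. A small file-local helper, `static bool listed_connection(const struct connection *c, const char *name)` returning that expression, used by both loops, removes the duplication. The surrounding function show_connections_status starts and ends outside this hunk.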
@@ -4014,7 +4021,7 @@ show_connections_status(bool all, const char *name)
count=0;
for (c = connections; c != NULL; c = c->ac_next)
{
- if (name == NULL || streq(c->name, name))
+ if (c->ikev1 && (name == NULL || streq(c->name, name)))
array[count++]=c;
}
diff --git a/src/pluto/connections.h b/src/pluto/connections.h
index 6dfddbe22..fd7abaad0 100644
--- a/src/pluto/connections.h
+++ b/src/pluto/connections.h
@@ -172,6 +172,8 @@ struct spd_route {
struct connection {
char *name;
+ bool ikev1;
+
lset_t policy;
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;
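Review bot: The new `bool ikev1;` member of struct connection has no comment, while every other hunk in this commit keys its behaviour on it (add_connection, initiate_connection, terminate_connection, show_connections_status, whack_handle). Document what the flag means at the definition, e.g. `bool ikev1;     /* TRUE: negotiated by pluto; FALSE: IKEv2 connection owned by charon, stored but never initiated here */`, so the next reader does not have to reconstruct the policy from the call sites. struct connection continues outside this hunk.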
diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c
index 99c377765..4bc8bca0a 100644
--- a/src/pluto/rcv_whack.c
+++ b/src/pluto/rcv_whack.c
@@ -569,7 +569,7 @@ whack_handle(int whackctlfd)
{
struct connection *c = con_by_name(msg.name, TRUE);
- if (c != NULL)
+ if (c != NULL && c->ikev1)
{
set_cur_connection(c);
if (!oriented(*c))
@@ -595,7 +595,7 @@ whack_handle(int whackctlfd)
{
struct connection *c = con_by_name(msg.name, TRUE);
- if (c != NULL)
+ if (c != NULL && c->ikev1)
{
struct spd_route *sr;
int fail = 0;
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 4b49d15b9..069b2199a 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -568,13 +568,15 @@ int main (int argc, char **argv)
if (conn->startup == STARTUP_START)
{
- if (starter_charon_pid())
+ if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
{
- starter_stroke_initiate_conn(conn);
+ if (starter_charon_pid())
+ {
+ starter_stroke_initiate_conn(conn);
+ }
}
- if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
+ else
{
- /* currently not initiated, until pluto handles the keyexchange flag */
if (starter_pluto_pid())
{
starter_whack_initiate_conn(conn);
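Review bot: In the new shape, a connection whose keyexchange selects a daemon that is not running (charon absent in the IKEv2 branch, pluto absent in the else branch) is silently skipped, and the two removed comments were the only hint that this case existed; an else branch on each pid check that logs, through the file's existing logging helper, that the connection was not started because the responsible daemon is not running would make a misconfigured setup visible at startup. The STARTUP_START block here and the STARTUP_ROUTE block in the next hunk (ending at L212) are now structurally identical apart from the two callee names, so a small helper taking the connection and the start/route choice would keep them from drifting. Both blocks sit inside main, which starts and ends outside these hunks.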
@@ -583,13 +585,15 @@ int main (int argc, char **argv)
}
else if (conn->startup == STARTUP_ROUTE)
{
- if (starter_charon_pid())
+ if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
{
- starter_stroke_route_conn(conn);
+ if (starter_charon_pid())
+ {
+ starter_stroke_route_conn(conn);
+ }
}
- if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
+ else
{
- /* currently not routed, until pluto handles the keyexchange flag */
if (starter_pluto_pid())
{
starter_whack_route_conn(conn);
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c
index 38cff4aa2..862c01766 100644
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@@ -234,6 +234,7 @@ starter_whack_add_conn(starter_conn_t *conn)
msg.whack_connection = TRUE;
msg.name = connection_name(conn);
+ msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
msg.addr_family = conn->addr_family;
msg.tunnel_addr_family = conn->tunnel_addr_family;
msg.sa_ike_life_seconds = conn->sa_ike_life_seconds;
diff --git a/src/whack/whack.c b/src/whack/whack.c
index 98867eab5..8e053dea0 100644
--- a/src/whack/whack.c
+++ b/src/whack/whack.c
@@ -846,6 +846,9 @@ main(int argc, char **argv)
msg.ike = NULL;
msg.pfsgroup = NULL;
+ /* if a connection is added via whack then we assume IKEv1 */
+ msg.ikev1 = TRUE;
+
msg.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT;
msg.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT;
msg.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
diff --git a/src/whack/whack.h b/src/whack/whack.h
index 96e4cff98..965cdd346 100644
--- a/src/whack/whack.h
+++ b/src/whack/whack.h
@@ -103,6 +103,7 @@ struct whack_message {
bool whack_connection;
bool whack_async;
+ bool ikev1;
lset_t policy;
time_t sa_ike_life_seconds;
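Review bot: Adding `bool ikev1;` in the middle of struct whack_message changes the layout of the message that whack and starter write to pluto's control socket, so a whack or starter binary built before this change will send a message pluto reads with the wrong offsets from this field onward; if the header carries a message magic or version constant (the usual guard in pluto's whack protocol, not visible in this hunk), it needs to be bumped in the same commit. The field should also get a one-line comment matching the one on struct connection, e.g. `bool ikev1;     /* FALSE for IKEv2 connections, which pluto leaves to charon */`. struct whack_message continues outside this hunk.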