From 50798628c5530ac3b35d3376cbfd89f326ac286f Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 6 Jun 2016 16:20:34 +0200
Subject: kernel-pfkey: Also use interface returned by get_nexthop() for IPsec policies
An exception is if the local address is virtual, in which case we want the route to be via TUN device.
---
 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 82abc76fa..a5d3c0a4b 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2315,13 +2315,15 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
 if (!dst->is_anyaddr(dst))
 {
 route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1,
- src, NULL);
+ src, &route->if_name);
 /* if the IP is virtual, we install the route over the interface it has
 * been installed on. Otherwise we use the interface we use for IKE, as
 * this is required for example on Linux. */
 if (is_virtual)
 {
+ free(route->if_name);
+ route->if_name = NULL;
 src = route->src_ip;
 }
 }
-- 
cgit v1.2.3
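Review bot: The comment above `if (is_virtual)` still says the non-virtual case uses "the interface we use for IKE", but that branch now keeps whatever name get_nexthop() stored in `route->if_name`, so the comment no longer says where the interface comes from or who owns the string. I would reword it along the lines of `/* get_nexthop() may return the outgoing interface in route->if_name (owned by the route); for a virtual IP we drop it again so the route is installed over the interface the IP is on */`. The interface lookup that follows is outside this hunk, so it is worth confirming that it only runs while `route->if_name` is still NULL; otherwise the string returned here would presumably be overwritten and leaked, and the route could end up on a different interface than the one intended for the protected traffic. install_route() starts and ends outside the hunk.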