From 3070697f9f7cc87e5abd9924dccedda9b2656100 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 25 Jul 2013 15:37:13 +0200 Subject: ike: support multiple addresses, ranges and subnets in IKE address config Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets. --- src/libcharon/plugins/sql/sql_config.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src/libcharon/plugins/sql/sql_config.c') diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index e6b69a4f4..a8d34f2d4 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -258,11 +258,9 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, { ike_cfg_t *ike_cfg; - ike_cfg = ike_cfg_create(IKEV2, certreq, force_encap, - local, FALSE, + ike_cfg = ike_cfg_create(IKEV2, certreq, force_encap, local, charon->socket->get_port(charon->socket, FALSE), - remote, FALSE, IKEV2_UDP_PORT, - FRAGMENTATION_NO, 0); + remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); add_ike_proposals(this, ike_cfg, id); return ike_cfg; } -- cgit v1.2.3