From 322a11ccbbed6408ecac4b6da3922573c20f1d1b Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 13 Oct 2015 12:10:42 +0200 Subject: mode-config: Reassign migrated virtual IP if client requests %any If we mistakenly detect a new IKE_SA as a reauthentication the client won't request the previous virtual IP, but since we already migrated it we already triggered the assign_vips() hook, so we should reassign the migrated virtual IP. Fixes #1152. --- src/libcharon/sa/ikev1/tasks/mode_config.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/libcharon/sa/ikev1/tasks') diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index d0994a961..a03477e18 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c @@ -482,7 +482,9 @@ static host_t *assign_migrated_vip(linked_list_t *migrated, host_t *requested) enumerator = migrated->create_enumerator(migrated); while (enumerator->enumerate(enumerator, &vip)) { - if (vip->ip_equals(vip, requested)) + if (vip->ip_equals(vip, requested) || + (requested->is_anyaddr(requested) && + requested->get_family(requested) == vip->get_family(vip))) { migrated->remove_at(migrated, enumerator); found = vip; -- cgit v1.2.3