From 7fd6c078b67ee4e5061379599b6a814bba22b8c6 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 16 Apr 2012 11:55:07 +0200
Subject: Use IP address as ID as responder if not configured or no IDr received.
---
 src/libcharon/sa/tasks/ike_auth.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'src/libcharon/sa/tasks/ike_auth.c')
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index 389465d1a..7552097f9 100644
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -695,9 +695,17 @@ METHOD(task_t, build_r, status_t,
 if (id->get_type(id) == ID_ANY)
 { /* no IDr received, apply configured ID */
 if (!id_cfg || id_cfg->contains_wildcards(id_cfg))
- {
- DBG1(DBG_CFG, "IDr not configured and negotiation failed");
- goto peer_auth_failed;
+ { /* no ID configured, use local IP address */
+ host_t *me;
+
+ DBG1(DBG_CFG, "no IDr configured, fall back on IP address");
+ me = this->ike_sa->get_my_host(this->ike_sa);
+ id_cfg = identification_create_from_sockaddr(
+ me->get_sockaddr(me));
+ if (!cfg->replace_value(cfg, AUTH_RULE_IDENTITY, id_cfg))
+ {
+ cfg->add(cfg, AUTH_RULE_IDENTITY, id_cfg);
+ }
 }
 this->ike_sa->set_my_id(this->ike_sa, id_cfg->clone(id_cfg));
 id = id_cfg;
-- 
cgit v1.2.3
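Review bot: The new fallback branch is entered both when `id_cfg` is NULL and when it contains wildcards, but the log line says only "no IDr configured" and never names the identity that is substituted. A responder that used to fail closed via `goto peer_auth_failed` now authenticates under an implicit address-based ID that cannot be seen in the log. I would emit the message after the ID is built and include it, e.g. `DBG1(DBG_CFG, "no usable IDr configured, fall back on IP address '%Y'", id_cfg);`. A short comment should also note that the address comes from `get_my_host()` and may be a private address when the responder sits behind NAT, in which case the peer may be unable to match it against the IDr it expects. Whether `cfg` is a per-SA copy or shared configuration is not visible here; if it is shared, `replace_value()` would keep the address-based identity beyond this exchange, which is worth confirming. build_r starts and ends outside the hunk.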