From b451303a6ca28ec0857165be6bc62dc130a801f7 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Thu, 26 Jun 2014 15:44:32 +0200
Subject: kernel-pfkey: Install routes for shunt policies
---
 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index aa077d369..4bc2770c1 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2447,12 +2447,12 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
 free(out);
 /* install a route, if:
- * - this is a forward policy (to just get one for each child)
- * - we are in tunnel mode
+ * - this is an inbound policy (to just get one for each child)
+ * - we are in tunnel mode or install a bypass policy
 * - routing is not disabled via strongswan.conf
 */
- if (policy->direction == POLICY_IN &&
- ipsec->cfg.mode != MODE_TRANSPORT && this->install_routes)
+ if (policy->direction == POLICY_IN && this->install_routes &&
+ (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT))
 {
 install_route(this, policy, (policy_sa_in_t*)mapping);
 }
-- 
cgit v1.2.3
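Review bot: The new test `mapping->type != POLICY_IPSEC` in the route-install condition matches every non-IPsec policy type, while the updated comment names only "a bypass policy"; strongSwan's policy types include a drop value next to pass, so a drop shunt would presumably get a route as well. If that is intended, as the subject's "shunt policies" suggests, the comment line should say so, e.g. `* - we are in tunnel mode or install a shunt (pass/drop) policy`; if routes are only wanted for pass policies, the test should be narrowed to `mapping->type == POLICY_PASS` in place of the `!=` check. It is also worth a short why-comment that `ipsec->cfg.mode` is consulted only for IPsec policies, because the `||` short-circuit is what keeps the decision for shunt mappings independent of SA configuration. add_policy_internal starts and ends outside the hunk, so how `install_route` derives a route for a mapping without a negotiated SA cannot be checked from here.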