From 777bcdc0d5c96ee8036f2aa417fd455852f4ef8d Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 26 Jul 2012 15:45:49 +0200
Subject: Don't include acquiring packet traffic selectors in IKEv1 As we only can negotiate a single TS in IKEv1, don't prepend the triggering packet TS, as we do in IKEv2. Otherwise we don't establish the TS of the configuration, but only that of the triggering packet. Fixes #207.
---
 src/libcharon/sa/trap_manager.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'src')
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index e03e30695..b3d9e1597 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -290,6 +290,11 @@ METHOD(trap_manager_t, acquire, void,
 {
 ike_sa->set_peer_cfg(ike_sa, peer);
 }
+ if (ike_sa->get_version(ike_sa) == IKEV1)
+ { /* in IKEv1, don't prepend the acquiring packet TS, as we only
+ * have a single TS that we can establish in a Quick Mode. */
+ src = dst = NULL;
+ }
 if (ike_sa->initiate(ike_sa, child, reqid, src, dst) != DESTROY_ME)
 {
 /* make sure the entry is still there */
-- cgit v1.2.3
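Review bot: The added IKEv1 branch overwrites the `src` and `dst` parameters in place (`src = dst = NULL;`), so anything later in acquire() that logs, compares or releases the triggering selectors would see NULL on IKEv1. The method body starts and ends outside this hunk, so this needs checking against the full function and the caller's ownership of the two selectors. Leaving the parameters intact and choosing the arguments at the call site avoids the question: `bool v1 = ike_sa->get_version(ike_sa) == IKEV1;` followed by `ike_sa->initiate(ike_sa, child, reqid, v1 ? NULL : src, v1 ? NULL : dst)`. The comment could also state the consequence for operators: on IKEv1 a single trapped packet now negotiates the full configured TS rather than a selector narrowed to that packet, so the configured selector is the effective scope of the resulting SA.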