From 2d38a03d77096467f32ca6b3baad4a8d5110313c Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 12 Aug 2014 15:15:02 +0200
Subject: [PATCH] ikev1: Make sure proposed IPsec mode matches our own

References #557.
---
 src/libcharon/sa/ikev1/tasks/quick_mode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 0d6be3881..1133aab65 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1030,7 +1030,8 @@ METHOD(task_t, process_r, status_t,
 			}
 			tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
 			tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
-			if (!this->config || !this->tsi || !this->tsr)
+			if (!this->config || !this->tsi || !this->tsr ||
+				this->mode != this->config->get_mode(this->config))
 			{
 				DBG1(DBG_IKE, "no matching CHILD_SA config found");
 				return send_notify(this, INVALID_ID_INFORMATION);