ikev2: Fix reauthentication if peer assigns a different virtual IP
Before this change a reqid set on the create_child_t task was used as
indicator of the CHILD_SA being rekeyed. Only if that was not the case
would the local traffic selector be changed to 0.0.0.0/0|::/0 (as we
don't know which virtual IP the gateway will eventually assign).
On the other hand, in case of a rekeying the VIP is expected to remain
the same, so the local TS would simply equal the VIP.
Since c949a4d501 reauthenticated CHILD_SAs also have the reqid
set. Which meant that the local TS would contain the previously
assigned VIP, basically rendering the gateway unable to assign a
different VIP to the client as the resulting TS would not match
the client's proposal anymore.
Fixes #553.
parent 37cb91d737
commit 4469e3d050
|
@ -950,7 +950,7 @@ METHOD(task_t, build_i, status_t,
|
|||
/* check if we want a virtual IP, but don't have one */
|
||||
list = linked_list_create();
|
||||
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
|
||||
if (!this->reqid)
|
||||
if (!this->rekey)
|
||||
{
|
||||
enumerator = peer_cfg->create_virtual_ip_enumerator(peer_cfg);
|
||||
while (enumerator->enumerate(enumerator, &vip))
|
||||
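Review bot: the comment above the changed condition, "check if we want a virtual IP, but don't have one", no longer explains the test it guards. Per the commit message, a reqid is now set on reauthenticated CHILD_SAs as well as rekeyed ones, so `if (!this->rekey)` is what distinguishes "VIP stays the same" from "gateway may assign a different VIP". Suggest adding one line to that comment saying so, so that the check is not later simplified back to `if (!this->reqid)`. The hunk also does not show where `this->rekey` is assigned; please confirm it is set only on the rekeying path and before build_i runs, and consider a regression test covering reauthentication where the peer assigns a different virtual IP (the #553 case).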