ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

ikev2: Don't set old IKE_SA to REKEYING state during make-before-break reauth 

We are actually not in rekeying state, but just trigger a separate, new IKE_SA
as a replacement for the current IKE_SA. Switching to the REKEYING state
disables the invocation of both IKE and CHILD_SA updown hooks as initiator,
preventing the removal of any firewall rules.

Fixes #885.
This commit is contained in:
Martin Willi 2015-03-11 14:41:37 +01:00
parent 438318c6c3
commit 799f4c5db9
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/libcharon/sa/ikev2/task_manager_v2.c
View File

@ -1573,7 +1573,6 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
new->queue_task(new, (task_t*)ike_reauth_complete_create(new,
this->ike_sa->get_id(this->ike_sa)));
charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
}
else
{