ikev2: Don't set old IKE_SA to REKEYING state during make-before-break reauth
We are actually not in rekeying state, but just trigger a separate, new IKE_SA as a replacement for the current IKE_SA. Switching to the REKEYING state disables the invocation of both IKE and CHILD_SA updown hooks as initiator, preventing the removal of any firewall rules. Fixes #885.
parent 438318c6c3
commit 799f4c5db9
|
@ -1573,7 +1573,6 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
|
|||
new->queue_task(new, (task_t*)ike_reauth_complete_create(new,
|
||||
this->ike_sa->get_id(this->ike_sa)));
|
||||
charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
|
||||
this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
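Review bot: at the end of this branch, right after `checkin()` of the new IKE_SA, the `set_state(this->ike_sa, IKE_REKEYING)` call is dropped and nothing in the visible lines marks the old IKE_SA as having a replacement in flight any more. Please confirm that a second reauth trigger, or a rekey of the old SA that arrives while the new one is still being established, is caught elsewhere and cannot queue another `ike_reauth_complete` task against the same SA. A short comment at this spot saying the state is left unchanged on purpose, so that the IKE and CHILD_SA updown hooks still run as initiator and the firewall rules get removed, would keep someone from restoring the call later.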