diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index 8d844ac5a..ed5fbe5c9 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -416,7 +416,8 @@ METHOD(phase1_t, get_auth_method, auth_method_t, } METHOD(phase1_t, select_config, peer_cfg_t*, - private_phase1_t *this, auth_method_t method, identification_t *id) + private_phase1_t *this, auth_method_t method, bool aggressive, + identification_t *id) { enumerator_t *enumerator; peer_cfg_t *current, *found = NULL; @@ -430,7 +431,8 @@ METHOD(phase1_t, select_config, peer_cfg_t*, me, other, NULL, id, IKEV1); while (enumerator->enumerate(enumerator, ¤t)) { - if (get_auth_method(this, current) == method) + if (get_auth_method(this, current) == method && + current->use_aggressive(current) == aggressive) { found = current->get_ref(current); break; diff --git a/src/libcharon/sa/ikev1/phase1.h b/src/libcharon/sa/ikev1/phase1.h index 22b9dd68a..994c85be7 100644 --- a/src/libcharon/sa/ikev1/phase1.h +++ b/src/libcharon/sa/ikev1/phase1.h @@ -91,11 +91,12 @@ struct phase1_t { * Select a peer config as responder. * * @param method used authentication method + * @param aggressive TRUE to get an aggressive mode config * @param id initiator identity * @return selected peer config, NULL if none found */ peer_cfg_t* (*select_config)(phase1_t *this, auth_method_t method, - identification_t *id); + bool aggressive, identification_t *id); /** * Get configured identity from peer config. diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 2c4e14e43..483351db2 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -380,7 +380,7 @@ METHOD(task_t, process_r, status_t, this->id_data = id_payload->get_encoded(id_payload); this->ike_sa->set_other_id(this->ike_sa, id); this->peer_cfg = this->ph1->select_config(this->ph1, - this->method, id); + this->method, TRUE, id); if (!this->peer_cfg) { DBG1(DBG_IKE, "no peer config found"); diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index a3b567870..52c2258e5 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -393,7 +393,7 @@ METHOD(task_t, process_r, status_t, id = id_payload->get_identification(id_payload); this->ike_sa->set_other_id(this->ike_sa, id); this->peer_cfg = this->ph1->select_config(this->ph1, - this->method, id); + this->method, FALSE, id); if (!this->peer_cfg) { DBG1(DBG_IKE, "no peer config found");