Adopt children after syncing a rekeyed IKEv1 SA

src/libcharon/plugins/ha/ha_dispatcher.c

@@ -19,6 +19,7 @@
 #include <sa/ikev2/keymat_v2.h>
 #include <sa/ikev1/keymat_v1.h>
 #include <processing/jobs/callback_job.h>
+#include <processing/jobs/adopt_children_job.h>
 
 typedef struct private_ha_dispatcher_t private_ha_dispatcher_t;
 typedef struct ha_diffie_hellman_t ha_diffie_hellman_t;
@@ -427,6 +428,11 @@ static void process_ike_update(private_ha_dispatcher_t *this,
 				}
 			}
 		}
+		if (ike_sa->get_version(ike_sa) == IKEV1)
+		{
+			lib->processor->queue_job(lib->processor, (job_t*)
+							adopt_children_job_create(ike_sa->get_id(ike_sa)));
+		}
 		this->cache->cache(this->cache, ike_sa, message);
 		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 	}

src/libcharon/processing/jobs/adopt_children_job.c

@@ -88,7 +88,8 @@ METHOD(job_t, execute, void,
 			ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, id);
 			if (ike_sa)
 			{
-				if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+				if ((ike_sa->get_state(ike_sa) == IKE_ESTABLISHED ||
+					 ike_sa->get_state(ike_sa) == IKE_PASSIVE) &&
 					me->equals(me, ike_sa->get_my_host(ike_sa)) &&
 					other->equals(other, ike_sa->get_other_host(ike_sa)) &&
 					xauth->equals(xauth, ike_sa->get_other_eap_id(ike_sa)) &&

src/libcharon/sa/ike_sa_manager.c

@@ -1375,7 +1375,8 @@ METHOD(ike_sa_manager_t, checkin, void,
 	}
 
 	/* apply identities for duplicate test */
-	if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+	if ((ike_sa->get_state(ike_sa) == IKE_ESTABLISHED ||
+		 ike_sa->get_state(ike_sa) == IKE_PASSIVE) &&
 		entry->my_id == NULL && entry->other_id == NULL)
 	{
 		if (ike_sa->get_version(ike_sa) == IKEV1)