diff --git a/configure.in b/configure.in index c5fd1d3c6..0c288f82e 100644 --- a/configure.in +++ b/configure.in @@ -71,6 +71,29 @@ AC_ARG_WITH( [AC_SUBST(ipsecgroup, "root")] ) +AC_ARG_WITH( + [charon-udp-port], + AS_HELP_STRING([--with-charon-udp-port=port],[UDP port used by charon locally (default 500).]), + [AC_DEFINE_UNQUOTED(CHARON_UDP_PORT, [$withval], [UDP port used by charon locally]) + AC_SUBST(charon_udp_port, [$withval])], + [AC_SUBST(charon_udp_port, 500)] +) + +AC_ARG_WITH( + [charon-natt-port], + AS_HELP_STRING([--with-charon-natt-port=port],[UDP port used by charon locally in case a NAT is detected (must be different from charon-udp-port, default 4500)]), + [AC_DEFINE_UNQUOTED(CHARON_NATT_PORT, [$withval], [UDP post used by charon locally in case a NAT is detected]) + AC_SUBST(charon_natt_port, [$withval])], + [AC_SUBST(charon_natt_port, 4500)] +) + +AC_MSG_CHECKING([configured UDP ports ($charon_udp_port, $charon_natt_port)]) +if test x$charon_udp_port == x$charon_natt_port; then + AC_MSG_ERROR(the ports have to be different) +else + AC_MSG_RESULT(ok) +fi + # convert script name to uppercase AC_SUBST(ipsec_script_upper, [`echo -n "$ipsec_script" | tr a-z A-Z`]) diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 86d293d97..affe281fa 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -497,7 +497,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, /** * Set up configurations */ - ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", FALSE, IKEV2_UDP_PORT, + ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", FALSE, CHARON_UDP_PORT, (char*)address, FALSE, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create(priv->name, IKEV2, ike_cfg, diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h index f42a9f078..b67de77b8 100644 --- a/src/libcharon/daemon.h +++ b/src/libcharon/daemon.h 
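Review bot: The value given to `--with-charon-udp-port` or `--with-charon-natt-port` reaches `AC_DEFINE_UNQUOTED` unvalidated, and the only check after the two `AC_ARG_WITH` blocks is a string comparison of the ports. A bare `--with-charon-udp-port` (value `yes`), a non-numeric value or a number outside 1-65535 would be written into the generated header as-is, and a leading zero such as `0500` would be read as an octal literal by the C compiler. I would reject anything that is not a plain decimal number in range before the `AC_DEFINE_UNQUOTED`, and write the comparison portably and quoted, `if test "x$charon_udp_port" = "x$charon_natt_port"; then`, since `==` is not accepted by every `test`. The description string for `CHARON_NATT_PORT` also reads "UDP post" where "UDP port" is meant.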
@@ -178,15 +178,30 @@ typedef struct daemon_t daemon_t; #define DEFAULT_THREADS 16 /** - * UDP Port on which the daemon will listen for incoming traffic. + * Primary UDP port used by IKE. */ #define IKEV2_UDP_PORT 500 /** - * UDP Port to which the daemon will float to if NAT is detected. + * UDP port defined for use in case a NAT is detected. */ #define IKEV2_NATT_PORT 4500 +/** + * UDP port on which the daemon will listen for incoming traffic (also used as + * source port for outgoing traffic). + */ +#ifndef CHARON_UDP_PORT +#define CHARON_UDP_PORT IKEV2_UDP_PORT +#endif + +/** + * UDP port used by the daemon in case a NAT is detected. + */ +#ifndef CHARON_NATT_PORT +#define CHARON_NATT_PORT IKEV2_NATT_PORT +#endif + /** * Main class of daemon, contains some globals. */ diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c index 6ca7407ca..c5553f24f 100644 --- a/src/libcharon/plugins/android/android_service.c +++ b/src/libcharon/plugins/android/android_service.c @@ -264,7 +264,7 @@ static job_requeue_t initiate(private_android_service_t *this) this->creds->set_username_password(this->creds, user, password); } - ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, IKEV2_UDP_PORT, + ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, CHARON_UDP_PORT, hostname, FALSE, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index d1edb3e55..200733cac 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c 
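Review bot: Nothing in the new `#ifndef` fallbacks for `CHARON_UDP_PORT` and `CHARON_NATT_PORT` guarantees that the two macros differ; that is only checked in configure, so a build that sets them another way (for example through compiler flags) would not be caught. The socket code in this commit selects the send socket with `sport == CHARON_UDP_PORT` before `sport == CHARON_NATT_PORT` and strips the non-ESP marker based on `CHARON_NATT_PORT`, so equal values would presumably break NAT-T handling at run time rather than fail to build. A guard placed after the two definitions turns this into a compile error: `#if CHARON_UDP_PORT == CHARON_NATT_PORT`, `#error "CHARON_UDP_PORT and CHARON_NATT_PORT must differ"`, `#endif`.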
@@ -203,7 +203,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, lib->credmgr->add_set(lib->credmgr, &this->creds.public); /* create config and backend */ - ike_cfg = ike_cfg_create(FALSE, FALSE, local, FALSE, IKEV2_UDP_PORT, + ike_cfg = ike_cfg_create(FALSE, FALSE, local, FALSE, CHARON_UDP_PORT, remote, FALSE, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND, diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index d041d4cdc..2e02fb57c 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -257,7 +257,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) else { ike_cfg = ike_cfg_create(FALSE, FALSE, - this->local, FALSE, IKEV2_UDP_PORT, + this->local, FALSE, CHARON_UDP_PORT, this->remote, FALSE, IKEV2_UDP_PORT); } ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index b5f50f1c6..9f1f16956 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -323,7 +323,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, NULL); } - ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, IKEV2_UDP_PORT, + ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", FALSE, CHARON_UDP_PORT, hostname, FALSE, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index 15d4ffa3f..6b28f751c 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c 
@@ -119,7 +119,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, return NULL; } ike_cfg = ike_cfg_create(FALSE, FALSE, - "0.0.0.0", FALSE, IKEV2_UDP_PORT, + "0.0.0.0", FALSE, CHARON_UDP_PORT, address, FALSE, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); med_cfg = peer_cfg_create( @@ -396,7 +396,7 @@ medcli_config_t *medcli_config_create(database_t *db) .rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200), .dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300), .ike = ike_cfg_create(FALSE, FALSE, - "0.0.0.0", FALSE, IKEV2_UDP_PORT, + "0.0.0.0", FALSE, CHARON_UDP_PORT, "0.0.0.0", FALSE, IKEV2_UDP_PORT), ); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c index ef3b04497..b19847b87 100644 --- a/src/libcharon/plugins/medsrv/medsrv_config.c +++ b/src/libcharon/plugins/medsrv/medsrv_config.c @@ -141,7 +141,7 @@ medsrv_config_t *medsrv_config_create(database_t *db) .rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200), .dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300), .ike = ike_cfg_create(FALSE, FALSE, - "0.0.0.0", FALSE, IKEV2_UDP_PORT, + "0.0.0.0", FALSE, CHARON_UDP_PORT, "0.0.0.0", FALSE, IKEV2_UDP_PORT), ); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index d1c5626b7..0df040e85 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c 
@@ -171,22 +171,22 @@ METHOD(socket_t, receiver, status_t, if (FD_ISSET(this->ipv4, &rfds)) { - port = IKEV2_UDP_PORT; + port = CHARON_UDP_PORT; selected = this->ipv4; } if (FD_ISSET(this->ipv4_natt, &rfds)) { - port = IKEV2_NATT_PORT; + port = CHARON_NATT_PORT; selected = this->ipv4_natt; } if (FD_ISSET(this->ipv6, &rfds)) { - port = IKEV2_UDP_PORT; + port = CHARON_UDP_PORT; selected = this->ipv6; } if (FD_ISSET(this->ipv6_natt, &rfds)) { - port = IKEV2_NATT_PORT; + port = CHARON_NATT_PORT; selected = this->ipv6_natt; } if (selected) @@ -299,7 +299,7 @@ METHOD(socket_t, receiver, status_t, DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = 0; /* remove non esp marker */ - if (dest->get_port(dest) == IKEV2_NATT_PORT) + if (dest->get_port(dest) == CHARON_NATT_PORT) { data_offset += MARKER_LEN; } @@ -339,7 +339,7 @@ METHOD(socket_t, sender, status_t, /* send data */ sport = src->get_port(src); family = dst->get_family(dst); - if (sport == IKEV2_UDP_PORT) + if (sport == CHARON_UDP_PORT) { if (family == AF_INET) { @@ -350,7 +350,7 @@ METHOD(socket_t, sender, status_t, skt = this->ipv6; } } - else if (sport == IKEV2_NATT_PORT) + else if (sport == CHARON_NATT_PORT) { if (family == AF_INET) { @@ -537,7 +537,7 @@ static int open_socket(private_socket_default_socket_t *this, { /* enable UDP decapsulation globally, only for one socket needed */ int type = UDP_ENCAP_ESPINUDP; - if (family == AF_INET && port == IKEV2_NATT_PORT && + if (family == AF_INET && port == CHARON_NATT_PORT && setsockopt(skt, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0) { DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno)); @@ -590,7 +590,7 @@ socket_default_socket_t *socket_default_socket_create() #ifdef __APPLE__ { - int natt_port = IKEV2_NATT_PORT; + int natt_port = CHARON_NATT_PORT; if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &natt_port, sizeof(natt_port)) != 0) { 
@@ -600,28 +600,28 @@ socket_default_socket_t *socket_default_socket_create() } #endif - this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT); + this->ipv4 = open_socket(this, AF_INET, CHARON_UDP_PORT); if (this->ipv4 == 0) { DBG1(DBG_NET, "could not open IPv4 socket, IPv4 disabled"); } else { - this->ipv4_natt = open_socket(this, AF_INET, IKEV2_NATT_PORT); + this->ipv4_natt = open_socket(this, AF_INET, CHARON_NATT_PORT); if (this->ipv4_natt == 0) { DBG1(DBG_NET, "could not open IPv4 NAT-T socket"); } } - this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT); + this->ipv6 = open_socket(this, AF_INET6, CHARON_UDP_PORT); if (this->ipv6 == 0) { DBG1(DBG_NET, "could not open IPv6 socket, IPv6 disabled"); } else { - this->ipv6_natt = open_socket(this, AF_INET6, IKEV2_NATT_PORT); + this->ipv6_natt = open_socket(this, AF_INET6, CHARON_NATT_PORT); if (this->ipv6_natt == 0) { DBG1(DBG_NET, "could not open IPv6 NAT-T socket"); diff --git a/src/libcharon/plugins/socket_raw/socket_raw_socket.c b/src/libcharon/plugins/socket_raw/socket_raw_socket.c index 6557fc12f..539411379 100644 --- a/src/libcharon/plugins/socket_raw/socket_raw_socket.c +++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.c @@ -204,7 +204,7 @@ METHOD(socket_t, receiver, status_t, DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = IP_LEN + UDP_LEN; /* remove non esp marker */ - if (dest->get_port(dest) == IKEV2_NATT_PORT) + if (dest->get_port(dest) == CHARON_NATT_PORT) { data_offset += MARKER_LEN; } @@ -291,7 +291,7 @@ METHOD(socket_t, receiver, status_t, DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = UDP_LEN; /* remove non esp marker */ - if (dest->get_port(dest) == IKEV2_NATT_PORT) + if (dest->get_port(dest) == CHARON_NATT_PORT) { data_offset += MARKER_LEN; } 
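Review bot: With the listening ports now configurable, the `open_socket(this, AF_INET, CHARON_UDP_PORT)` calls in socket_default_socket_create() may bind a port of 1024 or above, which on most systems any local user can bind first. In this hunk a failed open is only logged (`could not open IPv4 socket, IPv4 disabled`) and the daemon carries on, so a port already held by another process would leave IKE unavailable on that address family without a hard error. I would document this next to the configure option and above these calls, e.g. `/* a custom port >= 1024 is not covered by the privileged-port restriction; a bind failure here may mean another local process holds the port */`. The function continues past the hunk, so whether it fails when no socket at all could be opened is not visible here.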
@@ -332,7 +332,7 @@ METHOD(socket_t, sender, status_t, /* send data */ sport = src->get_port(src); family = dst->get_family(dst); - if (sport == IKEV2_UDP_PORT) + if (sport == CHARON_UDP_PORT) { if (family == AF_INET) { @@ -343,7 +343,7 @@ METHOD(socket_t, sender, status_t, skt = this->send6; } } - else if (sport == IKEV2_NATT_PORT) + else if (sport == CHARON_NATT_PORT) { if (family == AF_INET) { @@ -541,8 +541,8 @@ static int open_recv_socket(private_socket_raw_socket_t *this, int family) { /* Destination Port must be either port or natt_port */ BPF_STMT(BPF_LD+BPF_H+BPF_ABS, udp_header + 2), - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IKEV2_UDP_PORT, 1, 0), - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IKEV2_NATT_PORT, 6, 14), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, CHARON_UDP_PORT, 1, 0), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, CHARON_NATT_PORT, 6, 14), /* port */ /* IKE version must be 2.x */ BPF_STMT(BPF_LD+BPF_B+BPF_ABS, ike_header + IKE_VERSION_OFFSET), @@ -667,7 +667,7 @@ socket_raw_socket_t *socket_raw_socket_create() } else { - this->send4 = open_send_socket(this, AF_INET, IKEV2_UDP_PORT); + this->send4 = open_send_socket(this, AF_INET, CHARON_UDP_PORT); if (this->send4 == 0) { DBG1(DBG_NET, "could not open IPv4 send socket, IPv4 disabled"); @@ -675,7 +675,7 @@ socket_raw_socket_t *socket_raw_socket_create() } else { - this->send4_natt = open_send_socket(this, AF_INET, IKEV2_NATT_PORT); + this->send4_natt = open_send_socket(this, AF_INET, CHARON_NATT_PORT); if (this->send4_natt == 0) { DBG1(DBG_NET, "could not open IPv4 NAT-T send socket"); @@ -690,7 +690,7 @@ socket_raw_socket_t *socket_raw_socket_create() } else { - this->send6 = open_send_socket(this, AF_INET6, IKEV2_UDP_PORT); + this->send6 = open_send_socket(this, AF_INET6, CHARON_UDP_PORT); if (this->send6 == 0) { DBG1(DBG_NET, "could not open IPv6 send socket, IPv6 disabled"); 
@@ -698,7 +698,7 @@ socket_raw_socket_t *socket_raw_socket_create() } else { - this->send6_natt = open_send_socket(this, AF_INET6, IKEV2_NATT_PORT); + this->send6_natt = open_send_socket(this, AF_INET6, CHARON_NATT_PORT); if (this->send6_natt == 0) { DBG1(DBG_NET, "could not open IPv6 NAT-T send socket"); diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index dd9a0b09d..28b493e7a 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -259,7 +259,7 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, ike_cfg_t *ike_cfg; ike_cfg = ike_cfg_create(certreq, force_encap, - local, FALSE, IKEV2_UDP_PORT, + local, FALSE, CHARON_UDP_PORT, remote, FALSE, IKEV2_UDP_PORT); add_ike_proposals(this, ike_cfg, id); return ike_cfg; diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index c884da05d..83f04bd38 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -188,6 +188,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg ike_cfg_t *ike_cfg; char *interface; host_t *host; + u_int16_t ikeport; host = host_create_from_dns(msg->add_conn.other.address, 0, 0); if (host) @@ -224,11 +225,13 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg } } } + ikeport = msg->add_conn.me.ikeport; + ikeport = (ikeport == IKEV2_UDP_PORT) ? CHARON_UDP_PORT : ikeport; ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND, msg->add_conn.force_encap, msg->add_conn.me.address, msg->add_conn.me.allow_any, - msg->add_conn.me.ikeport, + ikeport, msg->add_conn.other.address, msg->add_conn.other.allow_any, msg->add_conn.other.ikeport); diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index 9b0fd73ad..9dc0cfcde 100644 --- a/src/libcharon/plugins/uci/uci_config.c 
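Review bot: The new `ikeport` lines in build_ike_cfg() rewrite a local port of `IKEV2_UDP_PORT` to `CHARON_UDP_PORT` without saying why, and every other value of `msg->add_conn.me.ikeport` is passed to `ike_cfg_create()` unchanged. Presumably 500 is what arrives when no local port was configured, but the code cannot tell that apart from an explicit 500, and a value matching neither `CHARON_UDP_PORT` nor `CHARON_NATT_PORT` would fall through both `sport` branches shown in the socket plugins' sender() hunks. If that is the intent, a comment such as `/* 500 means no local IKE port was configured; map it to the port charon actually binds */` would record it, and the two assignments could be one: `ikeport = (msg->add_conn.me.ikeport == IKEV2_UDP_PORT) ? CHARON_UDP_PORT : msg->add_conn.me.ikeport;`. The function starts and ends outside the hunk.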
+++ b/src/libcharon/plugins/uci/uci_config.c @@ -169,7 +169,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, { DESTROY_IF(this->peer_cfg); ike_cfg = ike_cfg_create(FALSE, FALSE, - local_addr, FALSE, IKEV2_UDP_PORT, + local_addr, FALSE, CHARON_UDP_PORT, remote_addr, FALSE, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); this->peer_cfg = peer_cfg_create( @@ -267,7 +267,7 @@ METHOD(enumerator_t, ike_enumerator_enumerate, bool, { DESTROY_IF(this->ike_cfg); this->ike_cfg = ike_cfg_create(FALSE, FALSE, - local_addr, FALSE, IKEV2_UDP_PORT, + local_addr, FALSE, CHARON_UDP_PORT, remote_addr, FALSE, IKEV2_UDP_PORT); this->ike_cfg->add_proposal(this->ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c index 45bac7cf8..6e5b4af0d 100644 --- a/src/libcharon/processing/jobs/migrate_job.c +++ b/src/libcharon/processing/jobs/migrate_job.c @@ -97,7 +97,7 @@ METHOD(job_t, execute, job_requeue_t, ike_sa->set_kmaddress(ike_sa, this->local, this->remote); host = this->local->clone(this->local); - host->set_port(host, IKEV2_UDP_PORT); + host->set_port(host, CHARON_UDP_PORT); ike_sa->set_my_host(ike_sa, host); host = this->remote->clone(this->remote); diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 0a7c52a74..5182da5aa 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -845,9 +845,9 @@ METHOD(ike_sa_t, float_ports, void, private_ike_sa_t *this) { /* do not switch if we have a custom port from MOBIKE/NAT */ - if (this->my_host->get_port(this->my_host) == IKEV2_UDP_PORT) + if (this->my_host->get_port(this->my_host) == CHARON_UDP_PORT) { - this->my_host->set_port(this->my_host, IKEV2_NATT_PORT); + this->my_host->set_port(this->my_host, CHARON_NATT_PORT); } if (this->other_host->get_port(this->other_host) == IKEV2_UDP_PORT) { 
@@ -1054,7 +1054,7 @@ static void resolve_hosts(private_ike_sa_t *this) if (this->local_host) { host = this->local_host->clone(this->local_host); - host->set_port(host, IKEV2_UDP_PORT); + host->set_port(host, CHARON_UDP_PORT); } else { @@ -2239,7 +2239,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, } this->task_manager = task_manager_create(&this->public); - this->my_host->set_port(this->my_host, IKEV2_UDP_PORT); + this->my_host->set_port(this->my_host, CHARON_UDP_PORT); if (!this->task_manager || !this->keymat) { diff --git a/src/libcharon/sa/ikev1/tasks/informational.c b/src/libcharon/sa/ikev1/tasks/informational.c index 8228d016a..eee716c85 100644 --- a/src/libcharon/sa/ikev1/tasks/informational.c +++ b/src/libcharon/sa/ikev1/tasks/informational.c @@ -116,7 +116,7 @@ METHOD(task_t, process_r, status_t, notify_type_names, type, redirect); /* Cisco boxes reject the first message from 4500 */ me = this->ike_sa->get_my_host(this->ike_sa); - me->set_port(me, IKEV2_UDP_PORT); + me->set_port(me, CHARON_UDP_PORT); this->ike_sa->set_other_host(this->ike_sa, redirect); this->ike_sa->reauth(this->ike_sa); enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index 90c38666b..388b45c68 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c @@ -271,15 +271,15 @@ static void update_children(private_ike_mobike_t *this) /** * Apply the port of the old host, if its ip equals the new, use port otherwise. */ -static void apply_port(host_t *host, host_t *old, u_int16_t port) +static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local) { if (host->ip_equals(host, old)) { port = old->get_port(old); } - else if (port == IKEV2_UDP_PORT) + else if (port == (local ? CHARON_UDP_PORT : IKEV2_UDP_PORT)) { - port = IKEV2_NATT_PORT; + port = (local ? CHARON_NATT_PORT : IKEV2_NATT_PORT); } host->set_port(host, port); } 
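Review bot: The doc comment above apply_port() in ike_mobike.c was not updated for the new `local` parameter, and it does not say what happens to a port equal to the default IKE port. I would extend it along the lines of `Apply the port of the old host if its IP equals the new one; otherwise use port, floated to the NAT-T port if it is the default IKE port. local selects charon's own ports (CHARON_*) instead of the peer's well-known ports (IKEV2_*).` The comment `/* reuse port for an active address, 4500 otherwise */` in the transmit hunk that follows is stale for the same reason, since the local side now floats to `CHARON_NATT_PORT`, and so is `/* Cisco boxes reject the first message from 4500 */` in sa/ikev1/tasks/informational.c.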
@@ -314,9 +314,9 @@ METHOD(ike_mobike_t, transmit, void, continue; } /* reuse port for an active address, 4500 otherwise */ - apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg)); + apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg), TRUE); other = other->clone(other); - apply_port(other, other_old, ike_cfg->get_other_port(ike_cfg)); + apply_port(other, other_old, ike_cfg->get_other_port(ike_cfg), FALSE); DBG1(DBG_IKE, "checking path %#H - %#H", me, other); copy = packet->clone(packet); copy->set_source(copy, me);