diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index 34cae3c62..b096f5eb5 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -554,8 +554,8 @@ enum state_kind {
 #define IS_ISAKMP_SA_ESTABLISHED(s) ( \
 (s) == STATE_MAIN_R3 \
 || (s) == STATE_MAIN_I4 \
- || (s) == STATE_XAUTH_R3 \
 || (s) == STATE_XAUTH_I2 \
+ || (s) == STATE_XAUTH_R3 \
 || (s) == STATE_MODE_CFG_R1 \
 || (s) == STATE_MODE_CFG_I2 \
 || (s) == STATE_MODE_CFG_I3 \
diff --git a/src/pluto/demux.c b/src/pluto/demux.c
index 1f47daf8f..7e59b184d 100644
--- a/src/pluto/demux.c
+++ b/src/pluto/demux.c
@@ -443,7 +443,7 @@ static const struct state_microcode state_microcode_table[] = {
 , EVENT_RETRANSMIT, xauth_inI0 },
 { STATE_XAUTH_R1, STATE_XAUTH_R2
- , SMF_ALL_AUTH | SMF_ENCRYPTED | SMF_REPLY
+ , SMF_ALL_AUTH | SMF_ENCRYPTED
 , P(ATTR) | P(HASH), P(VID), PT(HASH)
 , EVENT_RETRANSMIT, xauth_inR1 },
@@ -1552,6 +1552,15 @@ process_packet(struct msg_digest **mdp)
 set_cur_state(st);
+ /* the XAUTH_STATUS message might have a new msgid */
+ if (st->st_state == STATE_XAUTH_I1)
+ {
+ init_phase2_iv(st, &md->hdr.isa_msgid);
+ new_iv_set = TRUE;
+ from_state = st->st_state;
+ break;
+ }
+
 if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
 {
 loglog(RC_LOG_SERIOUS, "ModeCfg message is unacceptable because"
diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c
index 1725adc1e..ab44a113e 100644
--- a/src/pluto/modecfg.c
+++ b/src/pluto/modecfg.c
@@ -910,6 +910,7 @@ xauth_inI0(struct msg_digest *md)
 if (stat == STF_OK)
 {
 st->st_xauth.started = TRUE;
+ st->st_msgid = 0;
 return STF_OK;
 }
 else
@@ -988,11 +989,8 @@ xauth_inR1(struct msg_digest *md)
 plog("sending XAUTH status:");
- stat_build = modecfg_build_msg(st, &md->rbody
- , ISAKMP_CFG_SET
- , &ia
- , isama_id);
- if (stat_build != STF_OK)
+ stat_build = modecfg_send_msg(st, ISAKMP_CFG_SET, &ia);
+ if (stat_build != STF_OK)
 return stat_build;
 return STF_OK;
 }
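Review bot: Dropping `SMF_REPLY` from the `STATE_XAUTH_R1` entry of `state_microcode_table` in src/pluto/demux.c is only correct because `xauth_inR1` in src/pluto/modecfg.c now transmits the status itself through `modecfg_send_msg`, and neither hunk records that dependency. A comment on the table entry such as `/* no SMF_REPLY: xauth_inR1 sends the XAUTH status itself via modecfg_send_msg() */` would keep a later edit from restoring the flag, or the `md->rbody` build, on one side only. The entry keeps `EVENT_RETRANSMIT`; whether `modecfg_send_msg` stores the packet for retransmission is not visible in either hunk and is worth confirming. In the `xauth_inR1` hunk the result is still named `stat_build` although it now holds the outcome of a send. Both the table and `xauth_inR1` extend beyond their hunks.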
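Review bot: In the `process_packet` hunk of src/pluto/demux.c the new `STATE_XAUTH_I1` branch leaves the case with `break` before the `IS_ISAKMP_SA_ESTABLISHED(st->st_state)` check is reached, and it seeds the phase 2 IV from `md->hdr.isa_msgid`, a value taken from the received header, with no validation visible in the hunk. The one-line comment should state that skipping the check is deliberate and for this state only, for example `/* XAUTH_I1: accept the peer's XAUTH status before the established-SA check; it may carry a new msgid */`. If the enclosing case does not already reject a message ID of 0 before this point, the branch should do so before calling `init_phase2_iv`. Everything that follows the skipped check in this case, and the start of `process_packet`, lies outside the hunk, so any validation done there could not be reviewed.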
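Review bot: `st->st_msgid = 0;` in the `xauth_inI0` hunk of src/pluto/modecfg.c is added without a comment, so its purpose has to be guessed from the demux.c change. Presumably it lets the state be matched again when the XAUTH status arrives under a different message ID; if so, say it at the assignment: `/* forget the request msgid; the XAUTH status may arrive with a new one */`. The reset happens only on the `STF_OK` path, and the `else` branch continues outside the hunk.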