ike: Reset IKE_SA in state CONNECTING instead of reauthenticating

Due to how reauthentication works for IKEv1 we could get a second
IKE_SA, which might cause problems, when connectivity problems arise
when the connection is initially established.

Fixes #670.

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index fddd83c63be94910cf25b1c22a833477e59dc275..e63e0fa6cd22cfce431132932b145224776075c2 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1487,6 +1487,14 @@ METHOD(ike_sa_t, reauth, status_t,
        {
                return INVALID_STATE;
        }
+       if (this->state == IKE_CONNECTING)
+       {
+               DBG0(DBG_IKE, "reinitiating IKE_SA %s[%d]",
+                        get_name(this), this->unique_id);
+               reset(this);
+               this->task_manager->queue_ike(this->task_manager);
+               return this->task_manager->initiate(this->task_manager);
+       }
        /* we can't reauthenticate as responder when we use EAP or virtual IPs.
         * If the peer does not support RFC4478, there is no way to keep the
         * IKE_SA up. */