stroke: ignore a leftsourceip if a rightsourceip is given as well

As we always negotiate virtual IPs in charon, having both left- and
rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single
configuration payload exchange only.

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 2b16ad6835714b5f32e0de4f4e87d2333807d08e..2e36ce3a328efd59d1eac37fa79558e5763a3d85 100644 (file)
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -781,7 +781,13 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
                enumerator->destroy(enumerator);
        }
 
-       if (msg->add_conn.me.sourceip)
+       if (msg->add_conn.me.sourceip && msg->add_conn.other.sourceip)
+       {
+               DBG1(DBG_CFG, "'%s' has both left- and rightsourceip, but IKE can "
+                        "negotiate one virtual IP only, ignoring local virtual IP",
+                        msg->add_conn.name);
+       }
+       else if (msg->add_conn.me.sourceip)
        {
                enumerator_t *enumerator;
                char *token;