child-cfg: Actually force narrowing TS in transport mode only as initiator

Closes strongswan/strongswan#2830

Fixes: ad1ad2159f0b ("child-cfg: Use traffic selector list")

diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 3b5d60af680c3dd1a7d508c6de63862bf8520ed8..3e18a4af2f2817d748c6a1c7b20d8f26d2d89819 100644 (file)
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -300,7 +300,7 @@ linked_list_t *child_cfg_select_ts(child_cfg_t *cfg, bool local,
 
        /* force replacing non-dynamic TS to the IPs in transport mode, but only
         * when proposing as initiator */
-       force = supplied && is_transport_mode(this);
+       force = !supplied && is_transport_mode(this);
 
        result = ts->select(ts, supplied, hosts, force, &narrowed);
        if (narrowed)