From: Martin Willi Date: Tue, 3 Sep 2013 13:44:43 +0000 (+0200) Subject: stroke: ignore a leftsourceip if a rightsourceip is given as well X-Git-Tag: 5.1.1dr3~19^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a858064455bc2fda9f54889395eccee8f91fd424;p=thirdparty%2Fstrongswan.git stroke: ignore a leftsourceip if a rightsourceip is given as well As we always negotiate virtual IPs in charon, having both left- and rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single configuration payload exchange only. --- diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 2b16ad6835..2e36ce3a32 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -781,7 +781,13 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, enumerator->destroy(enumerator); } - if (msg->add_conn.me.sourceip) + if (msg->add_conn.me.sourceip && msg->add_conn.other.sourceip) + { + DBG1(DBG_CFG, "'%s' has both left- and rightsourceip, but IKE can " + "negotiate one virtual IP only, ignoring local virtual IP", + msg->add_conn.name); + } + else if (msg->add_conn.me.sourceip) { enumerator_t *enumerator; char *token;
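Review bot: In the new `if (msg->add_conn.me.sourceip && msg->add_conn.other.sourceip)` branch of `build_peer_cfg()`, the conflicting setting is only reported through `DBG1(DBG_CFG, ...)` and the connection is then built as if the local sourceip had never been configured. An administrator who wanted this side to request a virtual IP ends up with a connection that behaves differently from what the file says, and the only trace is one log line at load time. I'd suggest either failing the load of a connection that sets both options, or, if silently dropping the local value is the intended policy, documenting next to the sourceip options that the two are mutually exclusive and that the local one is the one dropped. A smaller wording point: the subject line says "ignore a leftsourceip", while the code drops `me.sourceip` and the log message says "ignoring local virtual IP". The commit message should use "local" as well if left and local are not always the same side here.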