This could lead to duplicates as the new IKE_SA can't delete the old one
once reauthentication is complete if it was replaced by a rekeying.
this->failed_temporarily = TRUE;
return NEED_MORE;
}
+ if (this->ike_sa->has_condition(this->ike_sa, COND_REAUTHENTICATING))
+ {
+ DBG1(DBG_IKE, "peer initiated rekeying, but we are reauthenticating");
+ this->failed_temporarily = TRUE;
+ return NEED_MORE;
+ }
if (have_half_open_children(this))
{
DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open");