cfg->conn_default.seen = LEMPTY;
cfg->conn_default.startup = STARTUP_NO;
cfg->conn_default.state = STATE_IGNORE;
- cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_RSASIG |
- POLICY_PFS | POLICY_REAUTH;
+ cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_RSASIG | POLICY_PFS ;
cfg->conn_default.ike = clone_str(ike_defaults, "ike_defaults");
cfg->conn_default.esp = clone_str(esp_defaults, "esp_defaults");
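Review bot: The new default on the `cfg->conn_default.policy` line now enables reauthentication only implicitly, through the absence of `POLICY_DONT_REAUTH`, and nothing at the assignment says so. A short comment above it would make the security-relevant default visible, for example `/* reauthentication is on by default: POLICY_DONT_REAUTH is deliberately not set */`. The same inverted polarity applies in the `case KW_REAUTH:` hunk, where a matching `/* reauth=no sets POLICY_DONT_REAUTH */` would help, since the `KW_POLICY_FLAG` macro body is not visible here. As a minor style point, the stray space before the semicolon in `POLICY_PFS ;` should go: `... | POLICY_RSASIG | POLICY_PFS;`.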
KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY)
break;
case KW_REAUTH:
- KW_POLICY_FLAG("yes", "no", POLICY_REAUTH)
+ KW_POLICY_FLAG("no", "yes", POLICY_DONT_REAUTH)
break;
case KW_MODECONFIG:
KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH)
}
else
{
- msg.add_conn.rekey.reauth = (conn->policy & POLICY_REAUTH);
+ msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY;
msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
msg.add_conn.rekey.margin = conn->sa_rekey_margin;
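Review bot: Because the flag's polarity is inverted, the `msg.add_conn.rekey.reauth` assignment now turns reauthentication on for any connection whose policy simply lacks `POLICY_DONT_REAUTH`. That is the fail-safe direction, but it also covers connections built by paths that never set the old `POLICY_REAUTH` bit. It would be worth stating this at the assignment, e.g. `/* reauthenticate unless explicitly disabled with reauth=no */`. The definition of `POLICY_DONT_REAUTH` is not in these hunks; if it reuses the bit value of the removed `POLICY_REAUTH`, any reader still testing the old meaning would silently invert, so please confirm that no other consumer of the old flag remains. The enclosing `if`/`else` starts outside the hunk, so the branch taken when rekeying is disabled could not be checked here.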