From: Tobias Brunner Date: Fri, 10 Jul 2015 08:23:02 +0000 (+0200) Subject: ike: Fall back to the current remote IP if it resolves to %any X-Git-Tag: 5.3.3dr2~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f7a3b33bc044e0c212be54be74b9497d513ca86;p=thirdparty%2Fstrongswan.git ike: Fall back to the current remote IP if it resolves to %any In some situations it might be valid for a host that configures right=%any to reestablish or reauthenticate an IKE_SA. Using %any would immediately abort the initiation causing the new SA to fail (which might already have the existing CHILD_SAs assigned). Fixes #1027. --- diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 0c13c587c4..752a75696f 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -1224,7 +1224,12 @@ static void resolve_hosts(private_ike_sa_t *this) } if (host) { - set_other_host(this, host); + if (!host->is_anyaddr(host) || + this->other_host->is_anyaddr(this->other_host)) + { /* don't set to %any if we currently have an address, but the + * address family might have changed */ + set_other_host(this, host); + } } if (this->local_host)
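Review bot: In the new inner `if` in `resolve_hosts()`, the path where `host` resolved to %any while `this->other_host` already holds an address neither hands `host` to `set_other_host()` nor releases it in the lines shown. The previous unconditional `set_other_host(this, host);` suggests that call takes ownership of the object, so the skipped path looks like a leak of the resolved `host_t` on every reestablish or reauthentication that hits the fallback. Suggest adding an `else { host->destroy(host); }` branch. Two smaller points: the comment sits on the opening-brace line and reads as if it explains only the second operand, so it would be clearer placed above the `if` and split into "keep the current address when resolution yields %any" and "still replace a %any current address, whose family may differ". A debug log when the fallback is taken would also help when diagnosing why an SA was initiated to the old peer address.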