From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 25 Apr 2018 13:14:21 +0000 (+0200)
Subject: ikev1: Ignore roam events for IKEv1
X-Git-Tag: 5.6.3dr2~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8929c700ef8d92d91ce7d93a8e2d4ab746913394;p=thirdparty%2Fstrongswan.git

ikev1: Ignore roam events for IKEv1

We don't have MOBIKE and the fallback to reauthentication does also not
make much sense as that doesn't affect the CHILD_SAs for IKEv1.  So
instead of complicating the code we just ignore roam events for IKEv1
for now.

Closes strongswan/strongswan#100.
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 349e222476..18d1c24410 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2582,10 +2582,15 @@ METHOD(ike_sa_t, roam, status_t,
 		 * without config assigned */
 		return SUCCESS;
 	}
+	if (this->version == IKEV1)
+	{	/* ignore roam events for IKEv1 where we don't have MOBIKE and would
+		 * have to reestablish from scratch (reauth is not enough) */
+		return SUCCESS;
+	}
 
 	/* ignore roam events if MOBIKE is not supported/enabled and the local
 	 * address is statically configured */
-	if (this->version == IKEV2 && !supports_extension(this, EXT_MOBIKE) &&
+	if (!supports_extension(this, EXT_MOBIKE) &&
 		ike_cfg_has_address(this->ike_cfg, this->my_host, TRUE))
 	{
 		DBG2(DBG_IKE, "keeping statically configured path %H - %H",