From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 1 Mar 2018 16:53:59 +0000 (+0100)
Subject: ikev1: Reestablish SAs if reauthentication failed due to retransmits
X-Git-Tag: 5.6.3dr1~9^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebc6defa0582bf2c022589371255046b06fc6b08;p=thirdparty%2Fstrongswan.git

ikev1: Reestablish SAs if reauthentication failed due to retransmits
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 7fe6d112bc..7f272a95bb 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2347,6 +2347,15 @@ METHOD(ike_sa_t, retransmit, status_t,
 					return this->task_manager->initiate(this->task_manager);
 				}
 				DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding");
+
+				if (this->version == IKEV1 && array_count(this->child_sas))
+				{
+					/* if reauthenticating an IKEv1 SA failed (assumed for an SA
+					 * in this state with CHILD_SAs), try again from scratch */
+					DBG1(DBG_IKE, "reauthentication failed, trying to "
+						 "reestablish IKE_SA");
+					reestablish(this);
+				}
 				break;
 			}
 			case IKE_DELETING: