From: Martin Willi
Date: Mon, 30 Nov 2009 10:32:26 +0000 (+0100)
Subject: Do not propose transport mode as initiator if connection is NATed
X-Git-Tag: 4.3.6~158
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5351e519512622becde0ab884bc878296bc5c790;p=thirdparty%2Fstrongswan.git
Do not propose transport mode as initiator if connection is NATed
---
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index 6325b878c0..f6719aa147 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -724,6 +724,12 @@ static status_t build_i(private_child_create_t *this, message_t *message)
 this->proposals = this->config->get_proposals(this->config, this->dh_group == MODP_NONE);
 this->mode = this->config->get_mode(this->config);
+ if (this->mode == MODE_TRANSPORT &&
+ this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY))
+ {
+ this->mode = MODE_TUNNEL;
+ DBG1(DBG_IKE, "not using transport mode, connection NATed");
+ }
 this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid,