From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 11 Jul 2025 06:50:30 +0000 (+0200)
Subject: child-cfg: Actually force narrowing TS in transport mode only as initiator
X-Git-Tag: 6.0.2~2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=bab415ec0aa3e5197c162ead884e10f0d2a8f223;p=thirdparty%2Fstrongswan.git

child-cfg: Actually force narrowing TS in transport mode only as initiator

Closes strongswan/strongswan#2830

Fixes: ad1ad2159f0b ("child-cfg: Use traffic selector list")
---

diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 3b5d60af68..3e18a4af2f 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -300,7 +300,7 @@ linked_list_t *child_cfg_select_ts(child_cfg_t *cfg, bool local,
 
 	/* force replacing non-dynamic TS to the IPs in transport mode, but only
 	 * when proposing as initiator */
-	force = supplied && is_transport_mode(this);
+	force = !supplied && is_transport_mode(this);
 
 	result = ts->select(ts, supplied, hosts, force, &narrowed);
 	if (narrowed)