From bab415ec0aa3e5197c162ead884e10f0d2a8f223 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 11 Jul 2025 08:50:30 +0200
Subject: [PATCH] child-cfg: Actually force narrowing TS in transport mode only
 as initiator

Closes strongswan/strongswan#2830

Fixes: ad1ad2159f0b ("child-cfg: Use traffic selector list")
---
 src/libcharon/config/child_cfg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 3b5d60af68..3e18a4af2f 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -300,7 +300,7 @@ linked_list_t *child_cfg_select_ts(child_cfg_t *cfg, bool local,
 
 	/* force replacing non-dynamic TS to the IPs in transport mode, but only
 	 * when proposing as initiator */
-	force = supplied && is_transport_mode(this);
+	force = !supplied && is_transport_mode(this);
 
 	result = ts->select(ts, supplied, hosts, force, &narrowed);
 	if (narrowed)
-- 
2.47.2