ikev2: Don't recreate IKE_SA if deletion fails after make-before-break reauth
[strongswan.git] / src / libcharon / sa / ike_sa.c
index a4ad866..27b0c33 100644 (file)
@@ -2404,7 +2404,9 @@ METHOD(ike_sa_t, retransmit, status_t,
                        }
                        case IKE_DELETING:
                                DBG1(DBG_IKE, "proper IKE_SA delete failed, peer not responding");
-                               if (has_condition(this, COND_REAUTHENTICATING))
+                               if (has_condition(this, COND_REAUTHENTICATING) &&
+                                       !lib->settings->get_bool(lib->settings,
+                                                                               "%s.make_before_break", FALSE, lib->ns))
                                {
                                        DBG1(DBG_IKE, "delete during reauthentication failed, "
                                                 "trying to reestablish IKE_SA anyway");