ike: For NATted connections use host from traffic selector
author Thomas Egerer <thomas.egerer@secunet.com>
Thu, 22 Mar 2018 17:17:48 +0000 (18:17 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 3 Apr 2018 11:51:15 +0000 (13:51 +0200)
commit 9ba739cb1ef683f87dae05ded5178dfa84fbb3eb
tree f5196763e48c85e9fce214b665a67a694c526441
parent 826b4232d3a2d1c6e748bada9aa55963e6d693c4
ike: For NATted connections use host from traffic selector

When resolving dynamic hosts with no pool configured, the code used to
replace the remote IP with the peer's perceived address. This fails for road
warriors behind NAT. Hence this patch uses the address from the remote
traffic selector proposed by the peer if NAT was detected and the
address(es) proposed are /32 or /128 subnets to the same host.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
src/libcharon/sa/ikev1/tasks/quick_mode.c
src/libcharon/sa/ikev2/tasks/child_create.c
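
The selection rule described in the commit message, as an added C sketch that is not the code from this commit or from strongSwan. The types `addr_t` and `ts_t`, the function `resolve_remote` and the sample addresses are hypothetical, and falling back to the peer's perceived address when the conditions are not met is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not strongSwan's host_t / traffic_selector_t. */
typedef struct { int family; uint8_t addr[16]; } addr_t;   /* family: 4 or 6 */
typedef struct { addr_t from, to; } ts_t;                  /* inclusive range */

static bool addr_eq(const addr_t *a, const addr_t *b)
{
    return a->family == b->family &&
           memcmp(a->addr, b->addr, a->family == 4 ? 4 : 16) == 0;
}

/* Address to substitute for a dynamic remote host when no pool is configured:
 * behind NAT, the single host named by every proposed selector (/32 or /128);
 * otherwise (assumed fallback) the address the peer appears to come from. */
const addr_t *resolve_remote(bool nat, const ts_t *ts, size_t n,
                             const addr_t *peer_seen)
{
    if (!nat || n == 0)
        return peer_seen;
    for (size_t i = 0; i < n; i++) {
        /* from == to means a one-address range, i.e. a /32 or /128 */
        if (!addr_eq(&ts[i].from, &ts[i].to) ||
            !addr_eq(&ts[i].from, &ts[0].from))
            return peer_seen;
    }
    return &ts[0].from;
}

/* Constructed sample data (documentation and private address ranges). */
const addr_t PEER_SEEN = {4, {203, 0, 113, 7}};            /* NAT's public side */
const ts_t SAME_HOST[] = {{{4, {10, 0, 0, 5}}, {4, {10, 0, 0, 5}}},
                          {{4, {10, 0, 0, 5}}, {4, {10, 0, 0, 5}}}};
const ts_t SUBNET[]    = {{{4, {10, 0, 0, 0}}, {4, {10, 0, 0, 255}}}};
const ts_t TWO_HOSTS[] = {{{4, {10, 0, 0, 5}}, {4, {10, 0, 0, 5}}},
                          {{4, {10, 0, 0, 6}}, {4, {10, 0, 0, 6}}}};

int main(void)
{
    const addr_t *r = resolve_remote(true, SAME_HOST, 2, &PEER_SEEN);
    printf("NAT, host selectors -> %u.%u.%u.%u\n",
           r->addr[0], r->addr[1], r->addr[2], r->addr[3]);
    return 0;
}
```

In this sketch the address taken from the selector is a value the peer proposed, so a responder relying on such a rule depends on its own traffic selector configuration to bound what a peer may claim.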