Do not propose transport mode as initiator if connection is NATed

author Martin Willi <martin@strongswan.org>

Mon, 30 Nov 2009 10:32:26 +0000 (11:32 +0100)

committer Martin Willi <martin@strongswan.org>

Mon, 30 Nov 2009 10:32:26 +0000 (11:32 +0100)
author Martin Willi <martin@strongswan.org>
Mon, 30 Nov 2009 10:32:26 +0000 (11:32 +0100)
committer Martin Willi <martin@strongswan.org>
Mon, 30 Nov 2009 10:32:26 +0000 (11:32 +0100)
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c

index 6325b87..f6719aa 100644 (file)
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -724,6 +724,12 @@ static status_t build_i(private_child_create_t *this, message_t *message)
         this->proposals = this->config->get_proposals(this->config,
                                                                                                   this->dh_group == MODP_NONE);
         this->mode = this->config->get_mode(this->config);
+       if (this->mode == MODE_TRANSPORT &&
+               this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY))
+       {
+               this->mode = MODE_TUNNEL;
+               DBG1(DBG_IKE, "not using transport mode, connection NATed");
+       }
  
         this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
                         this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid,
author	Martin Willi <martin@strongswan.org>
	Mon, 30 Nov 2009 10:32:26 +0000 (11:32 +0100)
committer	Martin Willi <martin@strongswan.org>
	Mon, 30 Nov 2009 10:32:26 +0000 (11:32 +0100)