ike-sa: Reauthenticate to the same addresses we currently use
authorTobias Brunner <tobias@strongswan.org>
Thu, 30 Apr 2015 10:26:41 +0000 (12:26 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Mar 2016 15:03:00 +0000 (16:03 +0100)
If the SA got redirected this would otherwise cause a reauthentication with
the original gateway.  Reestablishing the SA to the original gateway, e.g. if
the new gateway is not reachable, makes sense though.

src/libcharon/sa/ike_sa.c

index 6884bf2..f524541 100644 (file)
@@ -1950,8 +1950,11 @@ METHOD(ike_sa_t, reestablish, status_t,
        host = this->my_host;
        new->set_my_host(new, host->clone(host));
        charon->bus->ike_reestablish_pre(charon->bus, &this->public, new);
-       /* resolve hosts but use the old addresses above as fallback */
-       resolve_hosts((private_ike_sa_t*)new);
+       if (!has_condition(this, COND_REAUTHENTICATING))
+       {       /* reauthenticate to the same addresses, but resolve hosts if
+                * reestablishing (old addresses serve as fallback) */
+               resolve_hosts((private_ike_sa_t*)new);
+       }
        /* if we already have a virtual IP, we reuse it */
        enumerator = array_create_enumerator(this->my_vips);
        while (enumerator->enumerate(enumerator, &host))
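Review bot: The new guard in `reestablish` skips `resolve_hosts()` for every SA with `COND_REAUTHENTICATING` set, not only for redirected ones, which is broader than the redirect case the commit message gives as the motive. As far as this hunk shows, a peer configured by hostname whose DNS record has changed will keep being reauthenticated at the old address until a full reestablish happens. If that is intended, the comment should say so, and it would read better above the `if` than inside the brace, for example `/* on reauth keep the current (possibly redirected) peer address; hostname changes are only picked up when reestablishing */`. The function starts and ends outside the hunk, so I cannot tell whether a failed reauthentication to the pinned address later falls back to resolution.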