also respect the mobike=no setting as responder
authorMartin Willi <martin@strongswan.org>
Tue, 30 Sep 2008 12:36:58 +0000 (12:36 -0000)
committerMartin Willi <martin@strongswan.org>
Tue, 30 Sep 2008 12:36:58 +0000 (12:36 -0000)
src/charon/sa/tasks/ike_mobike.c
src/starter/ipsec.conf.5

index 25b874d..4b8e8ce 100644 (file)
@@ -117,8 +117,19 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
                {
                        case MOBIKE_SUPPORTED:
                        {
-                               DBG1(DBG_IKE, "peer supports MOBIKE");
-                               this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
+                               peer_cfg_t *peer_cfg;
+                               
+                               peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+                               if (!this->initiator && 
+                                       peer_cfg && !peer_cfg->use_mobike(peer_cfg))
+                               {
+                                       DBG1(DBG_IKE, "peer supports MOBIKE, but disabled in config");
+                               }
+                               else
+                               {
+                                       DBG1(DBG_IKE, "peer supports MOBIKE");
+                                       this->ike_sa->enable_extension(this->ike_sa, EXT_MOBIKE);
+                               }
                                break;
                        }
                        case COOKIE2:
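Review bot: The responder check in the MOBIKE_SUPPORTED case fails open: when get_peer_cfg() returns NULL, the condition `peer_cfg && !peer_cfg->use_mobike(peer_cfg)` is false and the else branch enables EXT_MOBIKE, so mobike=no is only honoured if a peer config is already attached to the IKE_SA when this notify is processed. Whether the config is always selected by that point is not visible here (process_payloads starts and ends outside the hunk), so either state that ordering guarantee in a comment above the check, or make the responder path deny by default, e.g. `if (!this->initiator && (!peer_cfg || !peer_cfg->use_mobike(peer_cfg)))`. It is also worth confirming that the responder's reply-building code, which is not shown in this hunk, does not still send its own MOBIKE_SUPPORTED notify when the extension was left disabled here.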
index afbf547..644017d 100644 (file)
@@ -686,8 +686,8 @@ enables the IKEv2 MOBIKE protocol defined by RFC 4555. Accepted values are
 .BR no .
 If set to
 .BR no ,
-the IKEv2 charon daemon will not actively propose MOBIKE but will still
-accept and support the protocol as a responder.
+the IKEv2 charon daemon will not actively propose MOBIKE as initiator and
+ignore the MOBIKE_SUPPORTED notify as responder.
 .TP
 .B modeconfig
 defines which mode is used to assign a virtual IP.