ikev1: Ignore roam events for IKEv1
authorTobias Brunner <tobias@strongswan.org>
Wed, 25 Apr 2018 13:14:21 +0000 (15:14 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 27 Apr 2018 09:13:17 +0000 (11:13 +0200)
We don't have MOBIKE and the fallback to reauthentication does also not
make much sense as that doesn't affect the CHILD_SAs for IKEv1.  So
instead of complicating the code we just ignore roam events for IKEv1
for now.

Closes strongswan/strongswan#100.

src/libcharon/sa/ike_sa.c

index 349e222..18d1c24 100644 (file)
@@ -2582,10 +2582,15 @@ METHOD(ike_sa_t, roam, status_t,
                 * without config assigned */
                return SUCCESS;
        }
+       if (this->version == IKEV1)
+       {       /* ignore roam events for IKEv1 where we don't have MOBIKE and would
+                * have to reestablish from scratch (reauth is not enough) */
+               return SUCCESS;
+       }
 
        /* ignore roam events if MOBIKE is not supported/enabled and the local
         * address is statically configured */
-       if (this->version == IKEV2 && !supports_extension(this, EXT_MOBIKE) &&
+       if (!supports_extension(this, EXT_MOBIKE) &&
                ike_cfg_has_address(this->ike_cfg, this->my_host, TRUE))
        {
                DBG2(DBG_IKE, "keeping statically configured path %H - %H",