/* fall-through */
}
case REDIRECT_SUPPORTED:
- this->ike_sa->enable_extension(this->ike_sa,
- EXT_IKE_REDIRECTION);
+ if (!this->old_sa)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ EXT_IKE_REDIRECTION);
+ }
break;
default:
/* other notifies are handled elsewhere */
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
/* check if we'd have to redirect the client */
- if (this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_REDIRECTION) &&
+ if (!this->old_sa &&
+ this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_REDIRECTION) &&
charon->redirect->redirect_on_init(charon->redirect, this->ike_sa,
&gateway))
{
chunk_t data, nonce = chunk_empty;
status_t status = FAILED;
+ if (this->old_sa)
+ {
+ DBG1(DBG_IKE, "received REDIRECT notify during rekeying"
+ ", ignored");
+ break;
+ }
data = notify->get_notification_data(notify);
gateway = redirect_data_parse(data, &nonce);
enumerator->destroy(enumerator);
projects / strongswan.git / commitdiff