stroke: ignore a leftsourceip if a rightsourceip is given as well
author Martin Willi <martin@revosec.ch>, Tue, 3 Sep 2013 13:44:43 +0000 (15:44 +0200)
committer Martin Willi <martin@revosec.ch>, Wed, 4 Sep 2013 08:33:38 +0000 (10:33 +0200)

As we always negotiate virtual IPs in charon, having both left- and
rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single
configuration payload exchange only.

src/libcharon/plugins/stroke/stroke_config.c

index 2b16ad6..2e36ce3 100644 (file)
@@ -781,7 +781,13 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
                enumerator->destroy(enumerator);
        }
 
-       if (msg->add_conn.me.sourceip)
+       if (msg->add_conn.me.sourceip && msg->add_conn.other.sourceip)
+       {
+               DBG1(DBG_CFG, "'%s' has both left- and rightsourceip, but IKE can "
+                        "negotiate one virtual IP only, ignoring local virtual IP",
+                        msg->add_conn.name);
+       }
+       else if (msg->add_conn.me.sourceip)
        {
                enumerator_t *enumerator;
                char *token;
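
Review bot: The new first branch only reports the conflict through DBG1 and then carries on loading the connection with the local setting dropped, although the commit message describes having both options as "not allowed". An administrator who set leftsourceip on purpose gets a connection that no longer requests a virtual IP for the local side, and the only trace is one log line at load time. The message text says "ignoring local virtual IP" without naming the option; wording it as "ignoring leftsourceip" would match the key the user actually wrote in the configuration and make the line easier to search for. It would also help to state the precedence (rightsourceip wins) in the documentation for these options, and to consider whether refusing to load the connection is the safer response to a configuration that cannot be honoured as written.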