ikev2: properly fall back to tunnel mode if transport/BEET mode not configured

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 53bd3e1..3e5dcc8 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -555,6 +555,10 @@ static status_t select_and_install(private_child_create_t *this,
                                        this->mode = MODE_TUNNEL;
                                        DBG1(DBG_IKE, "not using transport mode, not host-to-host");
                                }
+                               if (this->config->get_mode(this->config) != MODE_TRANSPORT)
+                               {
+                                       this->mode = MODE_TUNNEL;
+                               }
                                break;
                        case MODE_BEET:
                                if (!ts_list_is_host(this->tsi, NULL) ||
@@ -563,6 +567,10 @@ static status_t select_and_install(private_child_create_t *this,
                                        this->mode = MODE_TUNNEL;
                                        DBG1(DBG_IKE, "not using BEET mode, not host-to-host");
                                }
+                               if (this->config->get_mode(this->config) != MODE_BEET)
+                               {
+                                       this->mode = MODE_TUNNEL;
+                               }
                                break;
                        default:
                                break;
@@ -1169,8 +1177,6 @@ METHOD(task_t, build_r, status_t,
                return SUCCESS;
        }
 
-       this->mode = this->config->get_mode(this->config);
-
        /* check if ike_config_t included non-critical error notifies */
        enumerator = message->create_payload_enumerator(message);
        while (enumerator->enumerate(enumerator, &payload))