ikev1: Reestablish SAs if reauthentication failed due to retransmits
authorTobias Brunner <tobias@strongswan.org>
Thu, 1 Mar 2018 16:53:59 +0000 (17:53 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 12 Apr 2018 13:17:24 +0000 (15:17 +0200)
src/libcharon/sa/ike_sa.c

index 7fe6d11..7f272a9 100644 (file)
@@ -2347,6 +2347,15 @@ METHOD(ike_sa_t, retransmit, status_t,
                                        return this->task_manager->initiate(this->task_manager);
                                }
                                DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding");
+
+                               if (this->version == IKEV1 && array_count(this->child_sas))
+                               {
+                                       /* if reauthenticating an IKEv1 SA failed (assumed for an SA
+                                        * in this state with CHILD_SAs), try again from scratch */
+                                       DBG1(DBG_IKE, "reauthentication failed, trying to "
+                                                "reestablish IKE_SA");
+                                       reestablish(this);
+                               }
                                break;
                        }
                        case IKE_DELETING:
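Review bot: The result of `reestablish(this)` in the added IKEv1 branch is discarded, so if the attempt fails the log ends at "reauthentication failed, trying to reestablish IKE_SA" and an operator cannot tell that the tunnel stayed down. Assuming `reestablish()` returns a `status_t` like `retransmit` itself (its definition is not visible in this hunk), I would check it and log the failure, e.g. `if (reestablish(this) != SUCCESS) { DBG1(DBG_IKE, "reestablishing IKE_SA failed"); }`. The comment already admits that reauthentication is only assumed from "this state with CHILD_SAs"; it would help to add a sentence on why no other path can leave a connecting IKEv1 SA with CHILD_SAs, since an unresponsive peer reaches this branch every time. The enclosing `case` and the rest of `retransmit` lie outside the hunk, so what happens to the existing CHILD_SAs after the `break` cannot be judged from here.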