Fix DNS error handling for keyexchange=ike.
authorMirko Parthey <mirko.parthey@informatik.tu-chemnitz.de>
Mon, 24 Oct 2011 23:25:15 +0000 (01:25 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 25 Oct 2011 07:44:17 +0000 (09:44 +0200)
starter fails to load a connection when a peer's DNS name is temporarily
unresolvable and keyexchange=ike was specified, which defaults to IKEv2.
The connection loads just fine in case of keyexchange=ikev2.

src/starter/confread.c

index 5f96fb1..089be1a 100644 (file)
@@ -466,7 +466,7 @@ static void handle_dns_failure(const char *label, starter_end_t *end,
                        plog("# fallback to %s=%%any due to '%%' prefix or %sallowany=yes",
                                label, label);
                }
-               else if (!end->host || conn->keyexchange != KEY_EXCHANGE_IKEV2)
+               else if (!end->host || conn->keyexchange == KEY_EXCHANGE_IKEV1)
                {
                        /* declare an error */
                        cfg->err++;