unity: Change local TS to 0.0.0.0/0 as responder
authorTobias Brunner <tobias@strongswan.org>
Fri, 15 Nov 2013 14:15:19 +0000 (15:15 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 23 Jan 2014 09:35:21 +0000 (10:35 +0100)
Cisco clients and Shrew expect a remote TS of 0.0.0.0/0 if Unity is
used, otherwise Quick Mode fails.

src/libcharon/plugins/unity/unity_narrow.c

index edff51a..9f72a80 100644 (file)
@@ -97,9 +97,9 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa,
 }
 
 /**
- * As initiator, bump up TS to 0.0.0.0/0 for on-the-wire bits
+ * As initiator and responder, bump up TS to 0.0.0.0/0 for on-the-wire bits
  */
-static void narrow_initiator_pre(linked_list_t *list)
+static void narrow_pre(linked_list_t *list, char *side)
 {
        traffic_selector_t *ts;
 
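Review bot: The new `side` parameter of `narrow_pre` should be `const char *side`, since both call sites in the last hunk pass string literals (`"other"` and `"us"`) and the only visible use is as a `%s` argument to DBG2. The doc comment could also name the parameter, e.g. `@param side  label used in the debug log for the list being changed ("us" or "other")`, because the value only affects logging and not which list is rewritten. The body of `narrow_pre` continues outside this hunk.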
@@ -112,7 +112,7 @@ static void narrow_initiator_pre(linked_list_t *list)
                                                                                         "255.255.255.255", 65535);
        if (ts)
        {
-               DBG2(DBG_CFG, "changing proposed traffic selectors for other:");
+               DBG2(DBG_CFG, "changing proposed traffic selectors for %s:", side);
                DBG2(DBG_CFG, " %R", ts);
                list->insert_last(list, ts);
        }
@@ -149,12 +149,15 @@ METHOD(listener_t, narrow, bool,
                switch (type)
                {
                        case NARROW_INITIATOR_PRE_AUTH:
-                               narrow_initiator_pre(remote);
+                               narrow_pre(remote, "other");
                                break;
                        case NARROW_INITIATOR_POST_AUTH:
                                narrow_initiator(this, ike_sa,
                                                                 child_sa->get_config(child_sa), remote);
                                break;
+                       case NARROW_RESPONDER:
+                               narrow_pre(local, "us");
+                               break;
                        case NARROW_RESPONDER_POST:
                                narrow_responder_post(child_sa->get_config(child_sa), local);
                                break;
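Review bot: The new `NARROW_RESPONDER` case widens the responder's local traffic selectors to 0.0.0.0/0, so the configured selectors are enforced only if the later `NARROW_RESPONDER_POST` hook narrows the list again, and nothing in the hunk records that dependency. `narrow_responder_post()` is defined outside the visible lines; it presumably restores the configured selectors, but that should be confirmed for every path, including a config that yields no selectors, since otherwise the CHILD_SA could be installed with a broader local scope than configured. I would add a comment on the case such as `/* on-the-wire only; NARROW_RESPONDER_POST must restore the configured local TS */`. The condition enclosing the `switch` is also outside the hunk, so it is worth checking that the widening applies only to peers that negotiated Unity.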