Hi,
starter fails to load a connection when a peer's DNS name is temporarily
unresolvable and keyexchange=ike was specified, which defaults to IKEv2.
The connection loads just fine in case of keyexchange=ikev2.
For consistency between "ike" and "ikev2", I propose the patch below.
Regards,
Mirko
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 5f96fb1..089be1a 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -466,7 +466,7 @@ static void handle_dns_failure(const char *label,
starter_end_t *end,
plog("# fallback to %s=%%any due to '%%' prefix or
%sallowany=yes",
label, label);
}
- else if (!end->host || conn->keyexchange != KEY_EXCHANGE_IKEV2)
+ else if (!end->host || conn->keyexchange == KEY_EXCHANGE_IKEV1)
{
/* declare an error */
cfg->err++;
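Review bot: the new test `conn->keyexchange == KEY_EXCHANGE_IKEV1` in the `else if` turns an allow-list into a deny-list, so every keyexchange value other than IKEv1 now skips the error branch when `end->host` is set but unresolvable, not only the value that "ike" maps to. If that is the intent, a short comment above the condition stating that only IKEv1 needs a resolvable peer at load time would document it, and the existing `/* declare an error */` comment could name that case. If it is not, test explicitly for the values that should tolerate the DNS failure, so that a keyexchange value added later does not silently inherit the lenient path.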
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev