This prevents the updown scripts from running when the delete is executed.
---
src/libcharon/sa/ike_sa_manager.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/libcharon/sa/ike_sa_manager.c
b/src/libcharon/sa/ike_sa_manager.c
index 9b9ad93..3cc0c45 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1900,6 +1900,12 @@ static status_t enforce_replace(private_ike_sa_manager_t
*this,
* explicitly. */
adopt_children_and_vips(duplicate, new);
}
+ DBG1(DBG_IKE, "deleting reauthenticated IKE_SA for peer '%Y'
due to "
+ "uniqueness policy", other);
+
+ /* set rekeying state so we don't run updown */
+ duplicate->set_state(duplicate, IKE_REKEYING);
+
/* For IKEv1 we have to delay the delete for the old IKE_SA.
Some
* peers need to complete the new SA first, otherwise the quick
modes
* might get lost. For IKEv2 we do the same, as we want
overlapping
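Review bot: The added `duplicate->set_state(duplicate, IKE_REKEYING);` sits after the closing brace of the block that calls `adopt_children_and_vips(duplicate, new)`, so updown is suppressed for the old IKE_SA even on paths where its children were not handed over to the new SA. If the updown script installed firewall or routing state for those children, skipping the down event would presumably leave that state in place after the delayed delete, which should be ruled out before merging. The call also overwrites the duplicate's current state without checking it; a guard such as `if (duplicate->get_state(duplicate) == IKE_ESTABLISHED)` would keep an SA that is already being deleted from being relabelled. The comment should say why skipping updown is safe, for example `/* children and VIPs now belong to the new SA; mark the old one as rekeyed so its delete does not run updown for them */`, if that is indeed the invariant. The condition guarding the adoption and the rest of enforce_replace lie outside the hunk.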
--
2.5.5