[strongSwan-dev] [PATCH] fix DNS error handling for keyexchange=ike
mirko.parthey at informatik.tu-chemnitz.de
Tue Oct 25 01:25:15 CEST 2011
starter fails to load a connection when a peer's DNS name is temporarily
unresolvable and keyexchange=ike was specified, which defaults to IKEv2.
The connection loads just fine in case of keyexchange=ikev2.
For consistency between "ike" and "ikev2", I propose the patch below.
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 5f96fb1..089be1a 100644
@@ -466,7 +466,7 @@ static void handle_dns_failure(const char *label, starter_end_t *end,
plog("# fallback to %s=%%any due to '%%' prefix or %sallowany=yes",
- else if (!end->host || conn->keyexchange != KEY_EXCHANGE_IKEV2)
+ else if (!end->host || conn->keyexchange == KEY_EXCHANGE_IKEV1)
/* declare an error */
More information about the Dev