[strongSwan-dev] [PATCH] fix DNS error handling for keyexchange=ike

Mirko Parthey mirko.parthey at informatik.tu-chemnitz.de
Tue Oct 25 01:25:15 CEST 2011


starter fails to load a connection when a peer's DNS name is temporarily
unresolvable and keyexchange=ike was specified, which defaults to IKEv2.
The connection loads just fine in case of keyexchange=ikev2.

For consistency between "ike" and "ikev2", I propose the patch below.


diff --git a/src/starter/confread.c b/src/starter/confread.c
index 5f96fb1..089be1a 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -466,7 +466,7 @@ static void handle_dns_failure(const char *label, starter_end_t *end,
                        plog("# fallback to %s=%%any due to '%%' prefix or %sallowany=yes",
                                label, label);
-               else if (!end->host || conn->keyexchange != KEY_EXCHANGE_IKEV2)
+               else if (!end->host || conn->keyexchange == KEY_EXCHANGE_IKEV1)
                        /* declare an error */
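Review bot: the `== KEY_EXCHANGE_IKEV1` test on the changed `else if` line makes the non-error path the default for every keyexchange value other than IKEv1 whenever end->host is set, including any value added later, and the `/* declare an error */` comment does not say why IKEv1 alone is fatal. Consider extending that comment to state that an unresolvable peer name is an error only for IKEv1, and that keyexchange=ike and keyexchange=ikev2 are both allowed to load, so a later edit does not flip the comparison back to `!= KEY_EXCHANGE_IKEV2`.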

