diff options
author | Filip Tehlar <ftehlar@cisco.com> | 2020-02-27 13:14:52 +0000 |
---|---|---|
committer | Filip Tehlar <ftehlar@cisco.com> | 2020-02-27 13:14:52 +0000 |
commit | 0cc79958fd7aa3ff770e23a9eacad2d98eae55c3 (patch) | |
tree | 0f47a6a3f69687feb348eadfc4c5c2aaf822292f | |
parent | 7249b90ab21c20138907e692dcb6032aea9e2f0f (diff) |
ikev2: fix non-matching SPIs during rekey
Type:fix
Change-Id: I01ac57f6186b20d8ab4070b7259a82a150f0ae9a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
-rw-r--r-- | src/plugins/ikev2/ikev2.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index 55c9aa36255..b0ed4f2a1f5 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -1541,6 +1541,8 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a) vec_add1 (sas_in, a->remote_sa_id); if (a->is_rekey) { + ipsec_tun_protect_del (sw_if_index, NULL); + /* replace local SA immediately */ ipsec_sa_unlock_id (a->local_sa_id); |