ikev2: fix non-matching SPIs during rekey

author Filip Tehlar <ftehlar@cisco.com>

Thu, 27 Feb 2020 13:14:52 +0000 (13:14 +0000)

committer Filip Tehlar <ftehlar@cisco.com>

Thu, 27 Feb 2020 13:14:52 +0000 (13:14 +0000)
author Filip Tehlar <ftehlar@cisco.com>
Thu, 27 Feb 2020 13:14:52 +0000 (13:14 +0000)
committer Filip Tehlar <ftehlar@cisco.com>
Thu, 27 Feb 2020 13:14:52 +0000 (13:14 +0000)
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c

index 55c9aa3..b0ed4f2 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1541,6 +1541,8 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
    vec_add1 (sas_in, a->remote_sa_id);
    if (a->is_rekey)
      {
+      ipsec_tun_protect_del (sw_if_index, NULL);
+
        /* replace local SA immediately */
        ipsec_sa_unlock_id (a->local_sa_id);
author	Filip Tehlar <ftehlar@cisco.com>
	Thu, 27 Feb 2020 13:14:52 +0000 (13:14 +0000)
committer	Filip Tehlar <ftehlar@cisco.com>
	Thu, 27 Feb 2020 13:14:52 +0000 (13:14 +0000)