From 0cc79958fd7aa3ff770e23a9eacad2d98eae55c3 Mon Sep 17 00:00:00 2001
From: Filip Tehlar <ftehlar@cisco.com>
Date: Thu, 27 Feb 2020 13:14:52 +0000
Subject: [PATCH] ikev2: fix non-matching SPIs during rekey

Type:fix

Change-Id: I01ac57f6186b20d8ab4070b7259a82a150f0ae9a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
---
 src/plugins/ikev2/ikev2.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 55c9aa36255..b0ed4f2a1f5 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1541,6 +1541,8 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
   vec_add1 (sas_in, a->remote_sa_id);
   if (a->is_rekey)
     {
+      ipsec_tun_protect_del (sw_if_index, NULL);
+
       /* replace local SA immediately */
       ipsec_sa_unlock_id (a->local_sa_id);
 
-- 
2.16.6