------------------------------------------------------------------------
r726 | mgrooms | 2010-09-01 05:47:06 +0000 (Wed, 01 Sep 2010) | 1 line
Modify iked to only create a NONE policy for the next-hop address when
the VPN gateway is not on a network locally attached to the client. This
caused communication failures as the route was being installed as
0.0.0.0 -> next-hop which is obviously incorrect.
------------------------------------------------------------------------
r724 | mgrooms | 2010-08-21 18:47:10 +0000 (Sat, 21 Aug 2010) | 2 lines
Fix a bug with the shared policy level support. When an IPsec SA expires,
the peer may attempt to initiate a new phase2 negotiation as a
replacement. This will cause negotiation to fail as the source ID will
always be 0.0.0.0/0 which won't match a policy. Correct this by only
matching policies on the destination ID since the source ID will always be
generic.
------------------------------------------------------------------------