diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/connections.c openswan-2.6.32-current/programs/pluto/connections.c
--- openswan-2.6.32-cvs-patched/programs/pluto/connections.c 2011-06-14 10:53:22.150744087 -0400
+++ openswan-2.6.32-current/programs/pluto/connections.c 2011-06-16 22:33:24.610931322 -0400
@@ -1478,6 +1478,41 @@ add_connection(const struct whack_messag
 DBG_log("%s", topo);
 );
+#ifdef HAVE_LABELED_IPSEC
+ if(c->loopback
+ && portof(&c->spd.this.client.addr)!=portof(&c->spd.that.client.addr) ) {
+ struct spd_route *tmp_spd;
+ u_int16_t tmp_this_port, tmp_that_port;
+
+ tmp_spd = clone_thing(c->spd, "loopback asymmetrical policies");
+ tmp_spd->this.id.name.ptr = NULL;
+ tmp_spd->this.id.name.len = 0;
+ tmp_spd->that.id.name.ptr = NULL;
+ tmp_spd->that.id.name.len = 0;
+ tmp_spd->this.host_addr_name = NULL;
+ tmp_spd->that.host_addr_name = NULL;
+ tmp_spd->this.updown = clone_str(tmp_spd->this.updown, "updown");
+ tmp_spd->that.updown = clone_str(tmp_spd->that.updown, "updown");
+ tmp_spd->this.cert_filename = NULL;
+ tmp_spd->that.cert_filename = NULL;
+ tmp_spd->this.cert.type = 0;
+ tmp_spd->that.cert.type = 0;
+ tmp_spd->this.ca.ptr = NULL;
+ tmp_spd->that.ca.ptr = NULL;
+ tmp_spd->this.groups = NULL;
+ tmp_spd->that.groups = NULL;
+ tmp_spd->this.virt = NULL;
+ tmp_spd->that.virt = NULL;
+ tmp_spd->next = NULL;
+ c->spd.next=tmp_spd;
+
+ tmp_this_port= portof(&tmp_spd->this.client.addr);
+ tmp_that_port= portof(&tmp_spd->that.client.addr);
+ setportof(tmp_this_port, &tmp_spd->that.client.addr);
+ setportof(tmp_that_port, &tmp_spd->this.client.addr);
+ }
+#endif
+
 #if 0
 /* Make sure that address families can be correctly inferred
 * from printed ends.
diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/xauth.c openswan-2.6.32-current/programs/pluto/xauth.c
--- openswan-2.6.32-cvs-patched/programs/pluto/xauth.c 2011-06-14 10:53:22.131744931 -0400
+++ openswan-2.6.32-current/programs/pluto/xauth.c 2011-06-16 22:43:24.674909852 -0400
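Review bot: The reset list in the `HAVE_LABELED_IPSEC` block of add_connection() sets `this.ca.ptr` and `that.ca.ptr` to NULL on the cloned `spd_route` but leaves the matching lengths at whatever `clone_thing` copied, unlike `id.name` a few lines earlier where both `ptr` and `len` are cleared. Assuming `ca` is the same pointer/length chunk type, a NULL pointer with a non-zero length is a trap for any later code that trusts the length, so I would add `tmp_spd->this.ca.len = 0;` and `tmp_spd->that.ca.len = 0;` beside the pointer resets. The visible lines of the modecfg_inR1() hunk in xauth.c reset the same `ca.ptr` fields without a length as well. Since that hunk exists only to repair three `this`/`that` copy-paste slips in an identical list, a single helper that returns the sanitised shallow copy would be safer than two hand-maintained lists; a pointer missed in either one stays shared between both routes. add_connection() begins and ends outside this hunk.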
@@ -1935,13 +1935,13 @@ modecfg_inR1(struct msg_digest *md)
 tmp_spd->that.cert.type = 0;
 tmp_spd->this.ca.ptr = NULL;
- tmp_spd->this.ca.ptr = NULL;
+ tmp_spd->that.ca.ptr = NULL;
 tmp_spd->this.groups = NULL;
- tmp_spd->this.groups = NULL;
+ tmp_spd->that.groups = NULL;
 tmp_spd->this.virt = NULL;
- tmp_spd->this.virt = NULL;
+ tmp_spd->that.virt = NULL;
 tmp_spd->next = NULL;
 tmp_spd2->next = tmp_spd;